>I'd suggest that we need to look at this in two ways:
>
>(1) There's a compile-time INVARIANT that needs to be maintained by
>    developers in adding new system calls.  When building the kernel, it
>    would be useful to have a compile-time assertion that causes a kernel
>    compile to fail if an invalid system call is defined.  I.e., when
>    init_sysent.c is generated, it should build in __CTASSERT's that all
>    argument counts are consistent with the requirements of the hardware
>    architecture being built for.
>
>(2) There's a run-time INVARIANT issue for loadable modules built by third
>    parties who may not understand the limits on arguments on system calls
>    for various architectures.  This can be handled by a check in the
>    system call registration code, although since that's a non-critical
>    performance path, I suggest testing the invariant even if INVARIANTS
>    isn't compiled in.  In some ways, I'd rather handle this at
>    compile-time for the module, but I think the infrastructure for
>    hooking up system calls at compile-time for modules will make that
>    more difficult as compared to statically compiled system calls.
>
Completely agree.

>Note that the discussion so far has not addressed the compile-time issue:
>
>which is a much better time to perform the tests -- it's something we can
>test when the kernel is compiled, so why not?  It also hasn't addressed
>non-i386 systems, such as amd64, which have similar or identical concerns.

I was thinking exactly about that while coding the patch, but I'm not experienced enough with SPARC and/or other architectures to do that.

>With all due respect to the submitter, I think bugtraq was not the forum
>to post this issue to, as that forum is typically preferred for
>exploitable vulnerabilities.  A follow-up post to clarify that the initial
>post described a possible avenue for programmer error when extending the
>kernel, rather than an immediately exploitable vulnerability, might reduce
>confusion.

You're completely right again. I posted on bugtraq because somebody else could get a good idea to break code, something I had not thought of... (so I posted this email to hackers@ to let others understand that mine wasn't an exploitable bug report; nobody said "exploitable bug user -> root" or something like that).

So what do I have to do? Remove the INVARIANTS dependency?

thanks,
rookie
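The two checks proposed in the quoted message, sketched as an added example that is not code from this thread or from FreeBSD: a per-entry compile-time assertion of the kind a table generator could emit, and an always-on check in the registration path used by modules. Every `ex_`/`EX_` name is hypothetical, and the limit of 8 argument words is an assumed value, since the real limit is architecture dependent.

```c
#include <errno.h>
#include <stddef.h>

#define EX_MAXARGS 8   /* assumed per-architecture limit on argument words */
#define EX_NSLOTS  4   /* size of the toy system call table */

struct ex_sysent {
    int narg;                  /* argument words copied in from userland */
    int (*call)(void *args);   /* handler */
};

/* (1) Compile-time: one assertion per statically defined system call, so an
 * oversized argument count fails the build instead of reaching a kernel. */
#define EX_SYSCALL(name, n)                                          \
    _Static_assert((n) >= 0 && (n) <= EX_MAXARGS,                    \
        #name ": too many arguments for this architecture");         \
    static int name(void *args);                                     \
    const struct ex_sysent name##_sysent = { (n), name }

EX_SYSCALL(ex_read, 3);
/* EX_SYSCALL(ex_bad, 9);   would stop the compile with the message above */

static int ex_read(void *args) { (void)args; return 0; }

static struct ex_sysent ex_table[EX_NSLOTS];   /* call == NULL: slot is free */

/* (2) Run-time: registration path for loadable modules. Not a hot path, so
 * the invariant is tested unconditionally rather than under a debug option. */
int ex_syscall_register(int slot, const struct ex_sysent *se)
{
    if (slot < 0 || slot >= EX_NSLOTS || se == NULL || se->call == NULL)
        return EINVAL;
    if (se->narg < 0 || se->narg > EX_MAXARGS)
        return EINVAL;          /* module asks for more words than allowed */
    if (ex_table[slot].call != NULL)
        return EEXIST;          /* slot already taken */
    ex_table[slot] = *se;
    return 0;
}

int main(void)
{
    struct ex_sysent too_many = { EX_MAXARGS + 1, ex_read };
    /* Stand-alone run: the valid entry registers, the oversized one does not. */
    return !(ex_syscall_register(0, &ex_read_sysent) == 0 &&
             ex_syscall_register(1, &too_many) == EINVAL);
}
```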