On 1112190917 seconds since the Beginning of the UNIX epoch "ALeine" wrote:
>
> I took a quick look at the latest NetBSD CGD code and found
> out that out of 19 memory allocation operations 11 (almost 60%)
> are done in a way that could lead to a segmentation violation
> which would leave behind a core dump full of sensitive
> information that could be used to compromise a CGD encrypted
> disk. While this attack is not very practical since it requires
> the attacker to be able to cause resource starvation at a
> specific time when cgdconfig is used, it is still possible.
> Here are the details...

Thanks for having a look at that. I have checked in a fix.

I presume that you have addressed the cases in GBDE where malloc's return code has not been checked? If so, perhaps cvsweb is a little behind. It looks to me like 2 or 4 mallocs can use a buffer without checking the return code.

I am not convinced that you'd be able to exploit these in either CGD or GBDE because {Net,Free}BSD use an overcommit strategy for memory allocation, so it is unlikely that the process will be denied memory. It will just get killed without a core dump when it tries to instantiate memory that does not exist.

All that said, I've fixed the problem and will be submitting a pullup request for the next NetBSD release.

--
Roland Dowdeswell
http://www.Imrryr.ORG/~elric/
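The two defensive points the thread turns on, checking malloc's return before touching the buffer and stopping a crash from writing key material into a core file, as an added example that is not cgd, GBDE or the author's code; the function names are assumptions and the oversized request in the last function is a constructed failure case.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* Keep the kernel from writing a core file for this process, so a crash
 * after key material has been read cannot leave it on disk. Returns 0
 * on success, -1 on failure. */
int disable_core_dumps(void)
{
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Allocate a zeroed buffer for sensitive data. Returns NULL if len is 0
 * or malloc fails, so the caller can bail out instead of dereferencing
 * a NULL pointer (the check the quoted report found missing). */
unsigned char *alloc_key_buffer(size_t len)
{
    unsigned char *buf;
    if (len == 0)
        return NULL;
    buf = malloc(len);
    if (buf == NULL)
        return NULL;
    memset(buf, 0, len);
    return buf;
}

/* Exercise the checked path: allocate, verify the zero fill, release.
 * Returns 1 on success and 0 when the allocation was refused, e.g. for a
 * request larger than the address space, which malloc rejects even on an
 * overcommitting system. */
int key_buffer_roundtrip(size_t len)
{
    unsigned char *buf = alloc_key_buffer(len);
    size_t i;
    if (buf == NULL)
        return 0;
    for (i = 0; i < len; i++)
        if (buf[i] != 0) {
            free(buf);
            return 0;
        }
    free(buf);
    return 1;
}
```

On an overcommitting system malloc only returns NULL for requests the address space cannot satisfy, so the return check covers that case while the RLIMIT_CORE setting covers crashes from any other cause.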