- Original Message -
From: "Devon H. O'Dell" <[EMAIL PROTECTED]>
To: "Matt Emmerton" <[EMAIL PROTECTED]>; "Mike Meyer" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Saturday, September 18, 2004 4:01 AM
Subject: Re: FreeBSD Kernel buffer overfl
On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
+> % +#ifdef INVARIANTS
+> % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
+> % +#endif
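Review bot: the `#ifdef INVARIANTS` / `#endif` pair around the KASSERT is redundant, because KASSERT already expands to nothing when the kernel is built without INVARIANTS; the wrapper can be dropped. Since the check exists only in INVARIANTS kernels, a production kernel gets no bound check on narg from this hunk, so if the limit has to hold there it needs an explicit test that returns an error rather than an assertion.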
Maybe:
KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]),
("invalid number of syscall args"));
So
On 18 Sep, Pawel Jakub Dawidek wrote:
> On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
> +> % +#ifdef INVARIANTS
> +> % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
> +> % +#endif
>
> Maybe:
> KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(ar
On Sat, Sep 18, 2004 at 02:18:55AM -0700, Don Lewis wrote:
+> On 18 Sep, Pawel Jakub Dawidek wrote:
+> > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote:
+> > +> % +#ifdef INVARIANTS
+> > +> % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args"));
+> > +> % +
>> In <[EMAIL PROTECTED]>, Matt Emmerton
><[EMAIL PROTECTED]> typed:
>> > I disagree. It really comes down to how secure you want FreeBSD to
be,
>and
>> > the attitude of "we don't need to protect against this case because
>anyone
>> > who does this is asking for trouble anyway" is one of the mai
>-- Messaggio originale --
>Date: Sat, 18 Sep 2004 11:02:27 +0200
>From: Pawel Jakub Dawidek <[EMAIL PROTECTED]>
>To: Giorgos Keramidas <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Re: FreeBSD Kernel buffer overflow
>
>
>On Fri, Sep 17, 2004 at 12:37:12PM +0300, Gior
>What keeps the attacker from installing two syscalls, the first of which
>pokes NOPs over the KASSERT code, and the second of which accepts too
>many arguments?
>
>If you think we really need this bit of extra security, why not just
>prevent the syscall with too many arguments from being register
Here I report a patch different from Giorgos' one. The approach is completely
different: working on syscall_register() function in kern/kern_syscalls.c
file.
==
> cat kern_syscalls.diff
--- kern_syscalls.c Sat Sep 18 14:37:53 2004
+++ kern_syscalls2.cSat Sep 18
>==
>
>> cat kern_syscalls.diff
>--- kern_syscalls.c Sat Sep 18 14:37:53 2004
>+++ kern_syscalls2.cSat Sep 18 14:37:53 2004
>@@ -73,6 +73,11 @@
>sysent[*offset].sy_call != (sy_call_t *)lkmressys)
>return EEXIST;
>
>
On Sat, 18 Sep 2004 [EMAIL PROTECTED] wrote:
> Here I report a patch different from Giorgos' one. The approach is
> completely different: working on syscall_register() function in
> kern/kern_syscalls.c file.
I'd suggest that we need to look at this in two ways:
(1) There's a compile-time INVARI
>I'd suggest that we need to look at this in two ways:
>
>(1) There's a compile-time INVARIANT that needs to be maintained by
>developers in adding new system calls. When building the kernel, it
>would be useful to have a compile-time assertion that causes a kernel
>compile to fail if
On 2004-09-17 21:31, Andrew Novikov <[EMAIL PROTECTED]> wrote:
> On Tue, 14 Sep 2004 08:54:02 +, [EMAIL PROTECTED] wrote:
> > This is my first e-mail for this list.
> > I am interested in studying to better understand FreeBSD's source code.
> > With 'make buildkernel' and 'make installkernel' is
In <[EMAIL PROTECTED]>, Matt Emmerton <[EMAIL PROTECTED]> typed:
> I disagree. It really comes down to how secure you want FreeBSD to be, and
> the attitude of "we don't need to protect against this case because anyone
> who does this is asking for trouble anyway" is one of the main reasons why
> s
In <[EMAIL PROTECTED]>, Cantarella <[EMAIL PROTECTED]> typed:
>
>This is my first e-mail for this list.
>I am interested in studying to better understand FreeBSD's source code.
>With 'make buildkernel' and 'make installkernel' is it possible to
>compile the changes that I have made?
In <[EMAIL PROTECTED]>, Matt Emmerton <[EMAIL PROTECTED]> typed:
> - Original Message -
> From: "Mike Meyer" <[EMAIL PROTECTED]>
> To: "Matt Emmerton" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; "Avleen Vig"
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Satur
- Original Message
From: Matt Emmerton <[EMAIL PROTECTED]>
To: Mike Meyer <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: FreeBSD Kernel buffer overflow
Date: 18/09/04 05:41
>
>
> - Original Message -
> From: "Mike Meyer" <[EMAI
On 18 Sep, [EMAIL PROTECTED] wrote:
> Here I report a patch different from Giorgos' one. The approach is completely
> different: working on syscall_register() function in kern/kern_syscalls.c
> file.
>
> ==
>
>> cat kern_syscalls.diff
> --- kern_syscalls.c Sat Sep 1
On Sat, Sep 18, 2004 at 12:10:14PM +0200, [EMAIL PROTECTED] wrote:
>
> In my post I told that this is *NOT* exploitable but if somebody finds a
> method? what you can say? In underground communities it's not so rare, patching
> is better than having a new exploits for freebsd. I was very deluded by
Don Lewis wrote:
On 18 Sep, [EMAIL PROTECTED] wrote:
Here I report a patch different from Giorgos' one. The approach is completely
different: working on syscall_register() function in kern/kern_syscalls.c
file.
==
cat kern_syscalls.diff
--- kern_syscalls.c Sat Sep 18
Greg,
I am not using remote debugging, that's why I made a call to kldsyms (local
system) but it only loaded acpi.ko.
Maybe I should try over a serial console. The system wasn't crashed or in db
prompt though.
As for the question regarding where I got the addresses from,
I typed:
asf -k -f -s -
20 matches