From owner-freebsd-security  Wed Nov 17 13:12:49 1999
Delivered-To: freebsd-security@freebsd.org
Received: from green.myip.org (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 42CA414EC7
	for <freebsd-security@freebsd.org>; Wed, 17 Nov 1999 13:12:14 -0800 (PST)
	(envelope-from green@FreeBSD.org)
Received: from localhost ([127.0.0.1] ident=green)
	by green.myip.org with esmtp (Exim 3.02 #1)
	id 11oCIN-000Iyf-00; Wed, 17 Nov 1999 16:07:16 -0500
Date: Wed, 17 Nov 1999 16:07:14 -0500 (EST)
From: Brian Fundakowski Feldman <green@FreeBSD.org>
X-Sender: green@green.myip.org
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Kelly Yancey <kbyanc@posi.net>, freebsd-security@FreeBSD.ORG
Subject: Re: kernel stack contents visible from userland
In-Reply-To: <199911171727.JAA64140@apollo.backplane.com>
Message-ID: <Pine.BSF.4.10.9911171605080.72917-100000@green.myip.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>     Since the kernel stack is per-process, I don't think there is any 
>     security concern.  But you've definitely uncovered an undesired
>     trait so I think your patch is a good one.
> 
> 					-Matt
> 					Matthew Dillon 
> 					<dillon@backplane.com>

I'd be more inclined to, in any case, zero the memory.  If you return
a struct, you should be able to know exactly whether or not X data-field
is valid.  You can't do this if parts contain "random" memory.

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message