Date: Tue, 22 Jun 2004 14:21:01 +0200
From: des@des.no (Dag-Erling Smørgrav)
To: Marceta Milos <root@marcetam.net>
Cc: alpha@freebsd.org
Subject: Re: FreeBSD/Alpha local DoS
Message-ID: <xzppt7rvl5e.fsf@dwp.des.no>
In-Reply-To: <40D818E6.7000302@marcetam.net> (Marceta Milos's message of "Tue, 22 Jun 2004 13:32:54 +0200")
References: <40D818E6.7000302@marcetam.net>

[moved from security-officer list]

Marceta Milos <root@marcetam.net> writes:
> This is second time I try to contact you. I hope someone will reply.

The third, actually - but you should talk to alpha@freebsd.org
instead.  We do not issue security advisories for local denial of
service vulnerabilities.

> something like putting :
>
> #ifdef ALPHA
> #define ALIGNED(x) x << 62 ? 0 : 1
> #endif

It's not that simple, because alignment requirements exist on other
platforms as well, and usually vary with the type of data.  Since argv
and envv are pointers to arrays of pointers, we need to check that
they satisfy the alignment requirements for pointers:

    #define PTR_ALIGNED(x) (((x) & 0x7) == 0)

Actually, we already have an ALIGNED_POINTER() macro on Alpha, AMD64
and IA64, but we can't use it in MI code since it doesn't exist on all
platforms.  This should be easy to fix.

> #ifdef ALPHA
> if (!ALIGNED(*argv) || !ALIGNED(*env))
> return -ERROR;
> #endif

You need to check argv itself, not what it points to; and "return
-ERROR" is a Linuxism.  The correct incantation in FreeBSD would be

    if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
            return (EFAULT);

which should be at the top of execve() in src/sys/kern/kern_exec.c.

DES
-- 
Dag-Erling Smørgrav - des@des.no
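
Added example, not part of the original message and not FreeBSD source: a userland C model of the check discussed above, which validates the argv and envv addresses themselves (never what they point to) against the platform's alignment for pointers and returns EFAULT on failure. The names addr_aligned, PTR_ALIGN, check_exec_vectors and the sample_* helpers are hypothetical, and the sample addresses are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: nonzero if address p is a multiple of `align`
 * (align must be a power of two). The address is only inspected,
 * never dereferenced. */
static int
addr_aligned(const void *p, size_t align)
{
	return (((uintptr_t)p & (align - 1)) == 0);
}

/* Alignment an array of pointers needs on the build platform, taken
 * from the compiler instead of a hard-coded 0x7 mask (assumption: C11). */
#define PTR_ALIGN _Alignof(char *)

/* Hypothetical model of a check at the top of an execve()-style entry
 * point: reject misaligned vector addresses before any use. */
static int
check_exec_vectors(const void *argv, const void *envv)
{
	if (!addr_aligned(argv, PTR_ALIGN) || !addr_aligned(envv, PTR_ALIGN))
		return (EFAULT);
	return (0);
}

/* Constructed sample data: storage that is correctly aligned for
 * pointers, and an address one byte into it that is not. */
static char *sample_vec[4];

static const void *
sample_aligned(void)
{
	return (sample_vec);
}

static const void *
sample_misaligned(void)
{
	return ((const char *)sample_vec + 1);
}

int
main(void)
{
	/* Exit status 0 when the misaligned argv address is rejected. */
	return (check_exec_vectors(sample_misaligned(), sample_aligned()) == EFAULT ? 0 : 1);
}
```

The addresses are passed as const void * so that a misaligned value is never converted to char **, which would itself be undefined behaviour in C.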