Date: Thu, 15 Jul 2004 15:20:19 -0700
From: Colin Percival
In-reply-to: <20040715220447.GA32888@xor.obsecurity.org>
To: Kris Kennaway
Message-id: <6.1.0.6.1.20040715151650.03fae510@popserver.sfu.ca>
References: <200407151424.i6FEOdoq060881@fledge.watson.org> <20040715220447.GA32888@xor.obsecurity.org>
cc: re@freebsd.org
cc: current@freebsd.org
Subject: Re: 5.3-RELEASE TODO

At 15:04 15/07/2004, Kris Kennaway wrote:
>* linprocfs
>[...]
>        if (pvd->pvd_pid != NO_PID) {
>                if ((proc = pfind(pvd->pvd_pid)) == NULL)
>                        PFS_RETURN (ENOENT);
>-->             vap->va_uid = proc->p_ucred->cr_ruid;
>
>rwatson has a patch that works around this particular null pointer
>deref, but the underlying cause is not addressed.

This looks like the "embryonic processes are added to allproc and p_hash
too soon" bug (cf. kern/68364). Last I heard, tjr was going to fix this
in the next few days.

Colin Percival
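
The ordering problem named in the reply above, as an added example that is not part of the original message and is not FreeBSD source: a single-threaded userland C model of an entry that becomes findable before its credential pointer is set, next to the corrected ordering. All names (`mproc`, `mcred`, `table`, `fork_publish_early`, `fork_publish_late`, `getattr_uid`, `in_embryo_window`) are hypothetical, and the call-site guard is one possible workaround, not a description of any patch mentioned in the thread.

```c
/* Constructed userland model, not FreeBSD kernel code. Single-threaded:
 * the "window" is the gap between the two buggy fork steps. */
#include <errno.h>
#include <stddef.h>
struct mcred { unsigned ruid; };
struct mproc { int pid; struct mcred *cred; };  /* cred NULL while embryonic */
#define NPROC 8
static struct mproc *table[NPROC];  /* stands in for allproc / p_hash */

static struct mproc *lookup(int pid) {
    for (size_t i = 0; i < NPROC; i++)
        if (table[i] != NULL && table[i]->pid == pid)
            return table[i];
    return NULL;
}
static int publish(struct mproc *p) {
    for (size_t i = 0; i < NPROC; i++)
        if (table[i] == NULL) { table[i] = p; return 0; }
    return EAGAIN;
}

/* Buggy ordering, step 1: the entry is findable before it has credentials. */
int fork_publish_early(struct mproc *p, int pid) {
    p->pid = pid; p->cred = NULL;
    return publish(p);
}
/* Buggy ordering, step 2: credentials are attached later. */
void fork_finish(struct mproc *p, struct mcred *c) { p->cred = c; }

/* Corrected ordering: initialise fully, then make the entry findable. */
int fork_publish_late(struct mproc *p, int pid, struct mcred *c) {
    p->pid = pid; p->cred = c;
    return publish(p);
}

/* Call-site guard: avoids the NULL dereference here only; every other
 * caller of lookup() can still see the half-built entry. */
int getattr_uid(int pid, unsigned *uid) {
    struct mproc *p = lookup(pid);
    if (p == NULL || p->cred == NULL)
        return ENOENT;
    *uid = p->cred->ruid;
    return 0;
}
/* Returns 1 while pid is findable but still has no credentials. */
int in_embryo_window(int pid) {
    struct mproc *p = lookup(pid);
    return p != NULL && p->cred == NULL;
}
```

In a real kernel the two buggy steps are separated by a preemption or a second CPU rather than by a function call, so the window is only closed for all callers by the corrected publish ordering.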