Date:      Tue, 22 Jun 2004 15:30:45 +0200
From:      Marceta Milos <root@marcetam.net>
To:        des@des.no
Cc:        alpha@freebsd.org
Subject:   Re: FreeBSD/Alpha local DoS
Message-ID:  <40D83485.3000708@marcetam.net>
In-Reply-To: <002601c45856$fea84990$020110ac@mm>
References:  <002601c45856$fea84990$020110ac@mm>

Hi, thank you for the reply.


>The third, actually - but you should talk to alpha@freebsd.org
>instead.  We do not issue security advisories for local denial of
>service vulnerabilities.

Ok. Well, I hope you don't mind if I issue it somewhere. (I would just
like to hear from Alpha developers, to know they wrote a solution for it).

>>something like putting :

>>#ifdef ALPHA
>>#define ALIGNED(x) x << 62 ? 0 : 1
>>#endif


>It's not that simple, because alignment requirements exist on other
>platforms as well, and usually vary with the type of data.  Since argv
>and envv are pointers to arrays of pointers, we need to check that
>they satisfy the alignment requirements for pointers:

>#define PTR_ALIGNED(x) (((x) & 0x7) == 0)

I agree. Thank you for pointing this out.

>>#ifdef ALPHA
>>if (!ALIGNED(*argv) || !ALIGNED(*env))
>>return -ERROR;
>>#endif

> You need to check argv itself, not what it points to; and "return
> -ERROR" is a Linuxism.  The correct incantation in FreeBSD would be
>
>        if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
>                return (EFAULT);

Sorry for the Linuxism, I just didn't pay attention to it. Just wanted to share the idea.
Of course that formal incantation should be respected. Your line looks like
a possible workaround.
 
>which should be at the top of execve() in src/sys/kern/kern_exec.c.

>Actually, we already have an ALIGNED_POINTER() macro on Alpha, AMD64
>and IA64, but we can't use it in MI code since it doesn't exist on all
>platforms.  This should be easy to fix.

Please correct me if I am wrong, but src/sys/kern/kern_exec.c is
MI code.

So, putting the macro ALIGNED_POINTER or PTR_ALIGNED into execve(),
in the mentioned file, would actually be putting MD code (since it's
not necessary on all platforms) into MI code?

Well, I guess it's easy to fix, but I would just like to hear from one of the
Alpha developers, to see their final idea, solution and patch for this.


Best regards,


Milos Marceta
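
An added illustration, not code from this thread or from the FreeBSD tree: a user-space C version of the argv/envv alignment check discussed above, with the mask derived from the pointer type via C11 `_Alignof` so that it needs no per-platform macro. The names `ptr_aligned` and `exec_args_check` are hypothetical; the check proposed in the thread operates on `uap->argv` and `uap->envv` inside execve().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment the compiler requires for a pointer object on this target
 * (8 on LP64 systems, which matches the 0x7 mask quoted in the thread). */
#define PTR_ALIGN_MASK ((uintptr_t)_Alignof(char *) - 1)

/* Same test as PTR_ALIGNED(), but the mask follows the type, not a constant. */
static int ptr_aligned(uintptr_t addr)
{
    return (addr & PTR_ALIGN_MASK) == 0;
}

/*
 * Hypothetical stand-in for the check at the top of execve(): reject the
 * caller-supplied vector addresses before anything dereferences them.
 * It tests the vectors themselves, not the strings they point to.
 * Alignment is only one property; NULL or unmapped addresses still pass
 * here and must be caught by the normal user-memory access checks.
 */
int exec_args_check(uintptr_t argv, uintptr_t envv)
{
    if (!ptr_aligned(argv) || !ptr_aligned(envv))
        return EFAULT;
    return 0;
}

int main(void)
{
    /* Constructed sample: an aligned pointer array and an address one
     * byte into it. The misaligned address is never dereferenced. */
    static char *vec[4];
    uintptr_t good = (uintptr_t)vec;
    uintptr_t bad = good + 1;

    printf("aligned argv, aligned envv    -> %d\n", exec_args_check(good, good));
    printf("misaligned argv, aligned envv -> %d\n", exec_args_check(bad, good));
    printf("aligned argv, misaligned envv -> %d\n", exec_args_check(good, bad));
    return 0;
}
```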



