Date: Sun, 5 Oct 2003 22:15:51 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Don Lewis <truckman@freebsd.org>
Cc: cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/kern kern_sysctl.c
Message-ID: <20031005213809.O4773@gamplex.bde.org>
In-Reply-To: <200310051041.h95AfBN1049085@gw.catspoiler.org>
References: <200310051041.h95AfBN1049085@gw.catspoiler.org>

On Sun, 5 Oct 2003, Don Lewis wrote:

> On 5 Oct, Bruce M Simpson wrote:
> > bms 2003/10/05 02:37:47 PDT
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sys/kern kern_sysctl.c
> > Log:
> > Fix a security problem in sysctl() the long way round.
> >
> > Use pre-emption detection to avoid the need for wiring a userland buffer
> > when copying opaque data structures.
> >
> > sysctl_wire_old_buffer() is now a no-op. Other consumers of this
> > API should use pre-emption detection to notice update collisions.
>
> There are a number of consumers of sysctl_wire_old_buffer() that use it
> to avoid blocking while holding a mutex. In general they call
> SYSCTL_OUT() multiple times while traversing a data structure. They
> probably should have been fixed before neutering
> sysctl_wire_old_buffer().

I'm not happy with most of this set of changes. The largest bug that I
noticed is that the implementation of retrying is quite broken.
SYSCTL_OUT() continues from the current position, so if a context switch
occurs then garbage output or a garbage errno is ensured by attempting
to fill the user buffer with multiple copies of the data.

Bruce
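
The retry problem described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD kernel code: a simplified user-space C model of an output cursor that persists across copy attempts. `struct req_model`, `model_out`, `emit_with_retry` and `run_scenario` are hypothetical names, the 4-byte record is constructed, and returning ENOMEM when the buffer is too short is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of a request's output cursor (not kernel code). */
struct req_model {
    char  *old;     /* caller's output buffer */
    size_t oldlen;  /* capacity of that buffer */
    size_t oldidx;  /* bytes already emitted; persists across calls */
};
static size_t last_end;  /* final cursor of the most recent scenario */

/* Output continues from the current position, as the message describes. */
static int model_out(struct req_model *r, const void *p, size_t n)
{
    if (n > r->oldlen - r->oldidx)
        return ENOMEM;              /* assumed errno for a short buffer */
    memcpy(r->old + r->oldidx, p, n);
    r->oldidx += n;
    return 0;
}

/* Copy a record, retrying once per simulated update collision. */
static int emit_with_retry(struct req_model *r, const char *rec, size_t n,
                           int collisions, int reset_cursor)
{
    int error;
    do {
        if (reset_cursor) r->oldidx = 0;   /* discard the stale copy first */
        error = model_out(r, rec, n);
    } while (error == 0 && collisions-- > 0);
    return error;
}

/* Run one scenario on the constructed 4-byte record "ABCD". */
static int run_scenario(size_t buflen, int collisions, int reset_cursor)
{
    char buf[16] = {0};
    struct req_model r = { buf, buflen, 0 };
    int error = emit_with_retry(&r, "ABCD", 4, collisions, reset_cursor);
    last_end = r.oldidx;
    return error;
}

int main(void)
{
    int e = run_scenario(4, 1, 0);  /* exact-size buffer, cursor not reset */
    printf("errno=%d len=%zu\n", e, last_end);
    return 0;
}
```

With a roomy buffer the unreset retry reports success but leaves two copies of the record; with an exact-size buffer the same retry fails even though the data fits.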