Date: Wed, 19 Jun 2002 15:38:19 -0700 (PDT) From: James Gritton <gritton@iserver.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/39547: SVR4 calls chgproccnt with the wrong argument Message-ID: <200206192238.g5JMcJM4036357@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 39547 >Category: kern >Synopsis: SVR4 calls chgproccnt with the wrong argument >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jun 19 15:40:03 PDT 2002 >Closed-Date: >Last-Modified: >Originator: James Gritton >Release: 4.6 >Organization: Verio Web Hosting >Environment: FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE #0: Tue Jun 11 06:14:12 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386 >Description: The SVR4 emulation function svr4_sys_waitsys in sys/svr4/svr4_misc.c calls chgproccnt(), passing it a UID (q->p_cred->p_ruid) instead of a pointer to struct uidinfo, as the call is expecting. Chgproccnt wants to dereference this pointer. >How-To-Repeat: I didn't actually do anything to run the code, though it would seem pretty simple to kill the system with the proper UID. >Fix: Pass q->p_cred->p_uidinfo instead of q->p_cred->p_ruid. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206192238.g5JMcJM4036357>