cvs commit: src/sys/compat/linux linux_misc.c

Dominic Marks dom at helenmarks.co.uk
Sat Jun 24 12:17:13 UTC 2006 

Alexander Leidinger wrote:
> Quoting Alexander Leidinger <netchild at FreeBSD.org> (Fri, 23 Jun 2006
> 18:49:38 +0000 (UTC)):
>
>> netchild    2006-06-23 18:49:38 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     sys/compat/linux     linux_misc.c
>>   Log:
>>   The linux times syscall can be called with a NULL pointer, so keep
>> cool
>>   and don't panic.
>>
>>   This fix is different from the patch submitted as it not only
>> prevents
>>   a NULL-pointer dereference, but also skips some work in this case.
>
> I realized this may be a little bit misleading...
>
> The NULL pointer is used as the destination in a copyout. And it
> writes
> some kind of time values (current time). So this will overwrite parts
> at the userland address 0. This will not lead to a kernel panic, but
> it
> will do malicious things to the program which uses the linux times
> syscall. So this is not a DoS in any case. The problematic case is
> when
> a linux program uses a NULL pointer in the times syscall
> conditionally.
> This may render the service which uses such a linux program useless
> sometimes. For programs which use NULL there every time, this is not a
> DoS, it's just a normal bug (e.g. you can't use Oracle 10g Express)
> which prevents the use of this program.
>
> So this is not a a huge security flaw, it's more a not so small
> inconvenience. Since the RELENG_x_y branches are under control of the
> secteam, I used the "Security:" mark up to encode the possible need to
> merge this (I'm assuming Oracle 10g is important enough that we want
> our users to be able to run it).
>
> For the curious people: there are two more patches needed to run
> Oracle
> 10g. They involve linprocfs and pseudofs. I will take care of them
> later (and if this commit is subject to a merge to RELENG_x_y, the
> other
> two patches should be too, but this will the powers with hats
> decide...).

We use lots of Oracle at work but currently on Windows and Solaris.
I'd be interested in testing and helping document '10g on FreeBSD'
this once these patches are available / in the tree.

Thanks!

Dominic

> Bye,
> Alexander.
>
> --
>       ...and that is how we know the Earth to be banana-shaped.
> http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
> http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137
> _______________________________________________
> cvs-src at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/cvs-src
> To unsubscribe, send any mail to "cvs-src-unsubscribe at freebsd.org"
>

More information about the cvs-src mailing list