FreeBSD/Alpha local DoS
Dag-Erling Smørgrav
des at des.no
Tue Jun 22 12:21:24 GMT 2004
[moved from security-officer list]
Marceta Milos <root at marcetam.net> writes:
> This is second time I try to contact you. I hope someone will reply.
The third, actually - but you should talk to alpha at freebsd.org
instead. We do not issue security advisories for local denial of
service vulnerabilities.
> something like putting :
>
> #ifdef ALPHA
> #define ALIGNED(x) x << 62 ? 0 : 1
> #endif
It's not that simple, because alignment requirements exist on other
platforms as well, and usually vary with the type of data. Since argv
and envv are pointers to arrays of pointers, we need to check that
they satisfy the alignment requirements for pointers:

    #define PTR_ALIGNED(x) (((uintptr_t)(x) & 0x7) == 0)

Actually, we already have an ALIGNED_POINTER() macro on Alpha, AMD64
and IA64, but we can't use it in MI code since it doesn't exist on all
platforms. This should be easy to fix.
> #ifdef ALPHA
> if (!ALIGNED(*argv) || !ALIGNED(*env))
> return -ERROR;
> #endif
You need to check argv itself, not what it points to; and "return
-ERROR" is a Linuxism. The correct incantation in FreeBSD would be

    if (!PTR_ALIGNED(uap->argv) || !PTR_ALIGNED(uap->envv))
            return (EFAULT);

which should be at the top of execve() in src/sys/kern/kern_exec.c.
DES
--
Dag-Erling Smørgrav - des at des.no
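
The check discussed in the message above, as an added user-space example (not code from the original post or from FreeBSD). It generalizes the hard-coded 0x7 mask by deriving it from the pointer type, and shows that a test of only the low two bits, as in the quoted proposal, accepts an address that is 4-byte but not 8-byte aligned. The names PTR_ALIGNED_MI, LOW2_CLEAR, check_exec_vectors and sample_vec are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Machine-independent form: derive the mask from the pointer type instead
 * of hard-coding 0x7 (hypothetical name, not an existing FreeBSD macro). */
#define PTR_ALIGNED_MI(p) \
    ((((uintptr_t)(p)) & (_Alignof(char *) - 1)) == 0)

/* The quoted proposal with parentheses added: it tests only the low two
 * bits, so it is a 4-byte alignment test. */
#define LOW2_CLEAR(p) ((((uint64_t)(uintptr_t)(p)) << 62) == 0)

/* Constructed sample: a correctly aligned array of pointers. */
static char *sample_vec[4];

/* Hypothetical stand-in for the check at the top of execve(): validate the
 * argv/envv pointers themselves, not what they point to. */
static int
check_exec_vectors(const void *argv, const void *envv)
{
    if (!PTR_ALIGNED_MI(argv) || !PTR_ALIGNED_MI(envv))
        return (EFAULT);
    return (0);
}

int
main(void)
{
    const char *base = (const char *)sample_vec;

    /* Walk byte offsets into the aligned array and compare both tests. */
    for (unsigned off = 0; off < 8; off++)
        printf("offset %u: low2_clear=%d check=%d\n", off,
            LOW2_CLEAR(base + off),
            check_exec_vectors(base + off, sample_vec));
    return (0);
}
```

On a platform with 8-byte pointers, offset 4 passes the two-bit test but is rejected with EFAULT by the pointer-alignment check.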