Subject: Re: fstat syscalls buggy in -current ?
From: David Laight <firstname.lastname@example.org>
Date: 05/15/2002 21:40:44
On Wed, May 15, 2002 at 01:23:52PM -0700, Bill Studenmund wrote:
> On Wed, 15 May 2002, David Laight wrote:
> > On Wed, May 15, 2002 at 12:44:52PM -0700, Bill Studenmund wrote:
> > > Probably. i386 has a shared-address space; the kernel is mapped into the
> > > top of each process's address space. So the addresses were valid, and
> > > vmware probably ignored the not-user-space check.
> > In that case it is particularly broken!
> > Definitely a serious security problem.....
> Not necessarily, but maybe. The problem here is the kernel happily reading
> from or writing to kernel pages with code that should complain. To be a
> security problem, user code would need to be able to read/write kernel
> pages. That's a different problem, which isn't part of this thread so far.
So do a write() with a kernel address.....
Shouldn't complain until you get to copyin().
There is a strong inference that a user could dump kernel memory.
David Laight: email@example.com
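As an added illustration (not code from this thread, from NetBSD or from vmware), the user-space range check that copyin()/copyout() should perform before touching any memory, assuming the i386 3G/1G split with an assumed KERNEL_BASE of 0xC0000000 and a simulated write() path that models both the checking and the non-checking behaviour the thread describes:

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>

/* Assumed i386 layout: user space is [0, KERNEL_BASE), the kernel sits above it
 * in every process (3G/1G split). The constant is an assumption for this example. */
#define KERNEL_BASE 0xC0000000u

/* Return 1 only if [addr, addr + len) lies entirely in user space.
 * The sum is computed in 64 bits so a huge len cannot wrap past KERNEL_BASE. */
int user_range_ok(uint32_t addr, uint32_t len)
{
    uint64_t end = (uint64_t)addr + len;
    return addr < KERNEL_BASE && end <= KERNEL_BASE;
}

/* Simulated write(): the copyin() step refuses kernel addresses with EFAULT
 * before any byte is read, so a caller cannot turn write() into a kernel dump. */
int checked_write(uint32_t uaddr, uint32_t len)
{
    if (!user_range_ok(uaddr, len))
        return EFAULT;
    return 0; /* would copy the user bytes here */
}

/* Simulated write() in the broken module the thread discusses: the address is
 * mapped (the kernel lives in every address space), so without the range check
 * the copy would simply proceed. Nothing is actually copied in this model. */
int unchecked_write(uint32_t uaddr, uint32_t len)
{
    (void)uaddr; (void)len;
    return 0;
}
```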