Re: CVS commit: src

To: source-changes%netbsd.org@localhost
Subject: Re: CVS commit: src
From: christos%astron.com@localhost (Christos Zoulas)
Date: Tue, 19 Feb 2008 03:04:34 +0000 (UTC)

In article <alpine.DEB.0.999.0802190340010.13154%m2s05.vlinux.de@localhost>,
Hubert Feyrer  <hubert%feyrer.de@localhost> wrote:
>
>On Mon, 31 Dec 2007, Andrew Doran wrote:
>> Log Message:
>> Remove systrace. Ok core@.
>
>Was there a rationale behind this decision published somewhere?
>If so, where?

I am not sure where it has been mentioned but:

The current implementation has security issues resulting from using
the stackgap to pass modified arguments to syscalls. This is is
easier to understand with with multi-threaded programs: since
systrace is using the stackgap to pass modified arguments to
syscalls, a second thread can overwrite those arguments after
systrace placed them but before the first thread executed the
syscall. Fixing this would require a completely different mechanism
to pass arguments to syscalls, perhaps having a wrapper for each
syscall to accommodate systrace (and receive arguments in kernel
space) and avoid TOCTOU races.

christos

Follow-Ups:
- Re: CVS commit: src
  - From: David Laight

References:
- CVS commit: src
  - From: Andrew Doran
- Re: CVS commit: src
  - From: Hubert Feyrer

Prev by Date: Re: CVS commit: src
Next by Date: CVS commit: src/games/larn
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index