Subject: Re: COMPAT_NETBSD32's execve, copy/paste of code
To: Wolfgang Solfrank <ws@tools.de>
From: Quentin Garnier <cube@cubidou.net>
List: tech-kern
Date: 07/11/2005 16:48:28

On Mon, Jul 11, 2005 at 04:35:47PM +0200, Wolfgang Solfrank wrote:
> >To properly fix netbsd32_wait4(), the only thing that would be needed is
> >a slightly smarter copyin()/copyout() that would check if the supposedly
> >user address is actually a kernel address or not, and in the former case
> >only do a memcpy().  I don't know if it is easy to do that, even if it ends
> >as a set of MD implementations.  I do know that it wouldn't be only
> >useful for compat_netbsd32, though.
>
> I'm not sure that I do understand what you are trying to do here.
>
> However, it sounds that you are trying to allow copyin/copyout to silently
> access kernel memory as source/destination respectively.  Apart from
> Christos' comment regarding the possibility of determining a kernel from a
> user address, this is not a good idea.  copyin/copyout is not only for
> transferring data between the user and kernel domain, but is also used to
> check for access protection.  IIUC what you are proposing, this would open
> up serious security holes...

You're right: even if it was possible to make sure an address is for
the kernel or for the userland, it would be very hard to make sure the
kernel itself requested the copy to/from its own space;  it would have
meant passing a flag of some sort, which is basically what I do passing
a function.

At some point (I'm still using it for one syscall in my source tree) I
had the idea of passing a flag rather than a function, which would be
UIO_SYSSPACE or UIO_USERSPACE.  Then the dosyscall() routine would
either memcpy() or copyin/out depending on the value of that flag.  But
that affects the native path probably more than using a pointer to a
function.

-- 
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.
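
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not NetBSD code: a user-space C model comparing a checked copyout, the "guess from the address" variant, and the explicit-flag variant. All names (`model_copyout`, `guessing_copyout`, `flagged_copyout`, `SEG_USER`/`SEG_SYS`, the flat `mem` array and its split) are constructed for illustration.

```c
#include <errno.h>
#include <string.h>

/* Constructed model: one flat array; low half is "user", high half "kernel". */
#define MEM_SIZE    ((size_t)256)
#define KERNEL_BASE ((size_t)128)
enum seg { SEG_USER, SEG_SYS };  /* stand-ins for UIO_USERSPACE / UIO_SYSSPACE */
static unsigned char mem[MEM_SIZE];

static int in_range(size_t lo, size_t hi, size_t addr, size_t len)
{
    return addr >= lo && addr <= hi && len <= hi - addr;
}

/* copyout() as an access check: destination must lie wholly in user space. */
static int model_copyout(const void *ksrc, size_t uaddr, size_t len)
{
    if (!in_range(0, KERNEL_BASE, uaddr, len))
        return EFAULT;
    memcpy(&mem[uaddr], ksrc, len);
    return 0;
}

/* Quoted proposal: a kernel address is accepted too and simply memcpy()'d. */
static int guessing_copyout(const void *ksrc, size_t addr, size_t len)
{
    if (!in_range(0, MEM_SIZE, addr, len))
        return EFAULT;
    memcpy(&mem[addr], ksrc, len);  /* no record of who supplied addr */
    return 0;
}

/* Flag idea from the reply: the in-kernel caller names the space it means. */
static int flagged_copyout(enum seg seg, const void *ksrc, size_t addr, size_t len)
{
    if (seg == SEG_USER)
        return model_copyout(ksrc, addr, len);
    if (!in_range(KERNEL_BASE, MEM_SIZE, addr, len))
        return EFAULT;
    memcpy(&mem[addr], ksrc, len);
    return 0;
}

int main(void)
{
    static const unsigned char st[4] = { 1, 2, 3, 4 }; /* constructed status */
    /* exit 0 only if the flagged variant refuses what the guessing one accepts */
    return !(guessing_copyout(st, KERNEL_BASE + 8, 4) == 0 &&
             flagged_copyout(SEG_USER, st, KERNEL_BASE + 8, 4) == EFAULT);
}
```

In the model, a syscall path always passes `SEG_USER` for pointers that came from the process, and only a compat wrapper copying into its own buffer passes `SEG_SYS`.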
