Subject: re: CVS commit: src/sys/dev
To: None <elad@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: source-changes
Date: 10/30/2006 16:51:55
Note it's possible to trigger a kernel panic by passing a junk
pointer in the 'fingerprint' member of the parameters, but then again
that's true for anything that copies in data from a userland-supplied
pointer. And we have plenty of those.
this seems bogus. what "plenty of those" are you referencing? i'm
not aware of any off hand and while restricted to root helps a bunch
we should fail these requests instead of panicing. they are bugs to
be fixed.
i'm curious why the kernel would be dereferencing an kernel address
that userland supplied, instead of a userland address... when does
userland know kernel addresses like this? besides LKMs.
.mrg.