Subject: Returning a struct from an ioctl
To: None <tech-kern@netbsd.org>
From: Julio Merino <jmmv@hispabsd.org>
List: tech-kern
Date: 04/29/2002 21:57:13

Hi all,

I'm adding two ioctls to wscons to get console mouse support, though
I'll only talk about one because I know how to do the other.

The ioctl is called WSDISPLAYIO_GETWSCHAR. What I have in mind is the
following calling form: pass to the ioctl a pointer to a structure of
type wsdisplay_char. This structure holds data related to any char
on screen, like the letter it contains, background/foreground color,
position, etc.

So, when I call the ioctl I pass a pointer to that structure with the
row and column fields set. Then, in the kernel, I fill up the struct
with the missing data (letter, attributes), and this is what is
worrying me. As I've been thinking, this may lead to security problems,
isn't it? Imagine you pass an invalid pointer to the ioctl (well, a
pointer that points outside your program). Then the kernel would
overwrite the memory it points to without any problem. Or am I wrong?

BTW, the ioctls are implemented in wsdisplay_cfg_ioctl, that is used
through the /dev/ttyEcfg (so it is by default owned by root:wheel, so
this is not a security problem...)

How would you do this in a secure way?

Thanks!

-- 
Of course it runs NetBSD - http://www.netbsd.org
HispaBSD member - http://www.hispabsd.org
Julio Merino <jmmv@hispabsd.org>
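
Added example, not part of the original message and not NetBSD source: a user-space C model of the pattern BSD kernels use for a struct-returning ioctl. The generic ioctl layer moves the struct with copyin()/copyout(), which fail with EFAULT for addresses outside the caller's address space, so the handler only touches a kernel copy and validates the row and column itself. The `struct ws_char` layout, the `model_*` names, the screen size and the single-region "address space" are assumptions made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ROWS = 25, COLS = 80 };           /* assumed screen size */
struct ws_char {                         /* hypothetical layout, not the real wsdisplay_char */
    int row, col;                        /* in: set by the caller */
    uint16_t letter;                     /* out: filled by the handler */
    uint8_t fg, bg;                      /* out */
};
static unsigned char user_mem[64];       /* model: the only memory the caller owns */
static unsigned char screen[ROWS][COLS]; /* model: console contents */
/* Nonzero if [uaddr, uaddr+len) lies wholly inside the caller's memory. */
static int user_range_ok(const void *uaddr, size_t len) {
    uintptr_t p = (uintptr_t)uaddr, base = (uintptr_t)user_mem;
    return len <= sizeof(user_mem) && p >= base && p - base <= sizeof(user_mem) - len;
}
static int model_copyin(const void *uaddr, void *kaddr, size_t len) {
    if (!user_range_ok(uaddr, len)) return EFAULT;
    memcpy(kaddr, uaddr, len); return 0;
}
static int model_copyout(const void *kaddr, void *uaddr, size_t len) {
    if (!user_range_ok(uaddr, len)) return EFAULT;
    memcpy(uaddr, kaddr, len); return 0;
}
/* Handler: sees only the kernel copy and bounds-checks caller-supplied indices. */
static int getwschar(struct ws_char *k) {
    if (k->row < 0 || k->row >= ROWS || k->col < 0 || k->col >= COLS) return EINVAL;
    k->letter = screen[k->row][k->col];
    k->fg = 7; k->bg = 0;                /* constructed attribute values */
    return 0;
}
/* Generic layer: copy in, dispatch, copy out; uarg itself is never dereferenced. */
int model_ioctl(void *uarg) {
    struct ws_char k;
    int error = model_copyin(uarg, &k, sizeof(k));
    if (error == 0) error = getwschar(&k);
    if (error == 0) error = model_copyout(&k, uarg, sizeof(k));
    return error;
}
int main(void) {
    static unsigned char outside[64];    /* stands for memory the caller does not own */
    struct ws_char req = { .row = 1, .col = 2 };
    screen[1][2] = 'X';                  /* constructed screen content */
    memcpy(user_mem, &req, sizeof(req));
    printf("valid pointer: %d\n", model_ioctl(user_mem));
    printf("foreign pointer: %d (EFAULT=%d)\n", model_ioctl(outside), EFAULT);
    return 0;
}
```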
