Alexander Leidinger wrote: > Quoting Alexander Leidinger <[EMAIL PROTECTED]> (Fri, 23 Jun 2006 > 18:49:38 +0000 (UTC)): > >> netchild 2006-06-23 18:49:38 UTC >> >> FreeBSD src repository >> >> Modified files: >> sys/compat/linux linux_misc.c >> Log: >> The linux times syscall can be called with a NULL pointer, so keep >> cool >> and don't panic. >> >> This fix is different from the patch submitted as it not only >> prevents >> a NULL-pointer dereference, but also skips some work in this case. > > I realized this may be a little bit misleading... > > The NULL pointer is used as the destination in a copyout. And it > writes > some kind of time values (current time). So this will overwrite parts > at the userland address 0. This will not lead to a kernel panic, but > it > will do malicious things to the program which uses the linux times > syscall. So this is not a DoS in any case. The problematic case is > when > a linux program uses a NULL pointer in the times syscall > conditionally. > This may render the service which uses such a linux program useless > sometimes. For programs which use NULL there every time, this is not a > DoS, it's just a normal bug (e.g. you can't use Oracle 10g Express) > which prevents the use of this program. > > So this is not a a huge security flaw, it's more a not so small > inconvenience. Since the RELENG_x_y branches are under control of the > secteam, I used the "Security:" mark up to encode the possible need to > merge this (I'm assuming Oracle 10g is important enough that we want > our users to be able to run it). > > For the curious people: there are two more patches needed to run > Oracle > 10g. They involve linprocfs and pseudofs. I will take care of them > later (and if this commit is subject to a merge to RELENG_x_y, the > other > two patches should be too, but this will the powers with hats > decide...).
We use lots of Oracle at work but currently on Windows and Solaris. I'd be interested in testing and helping document '10g on FreeBSD' this once these patches are available / in the tree. Thanks! Dominic > Bye, > Alexander. > > -- > ...and that is how we know the Earth to be banana-shaped. > http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 > http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/cvs-src > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
