On Tuesday, June 19, 2012 2:15:54 pm Steven Chamberlain wrote:
> Hi,
>
> Thanks a lot for looking into this!
>
> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
> > Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
>
> http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
>
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
>
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret(); would that
> have consequences?

It would perhaps be best to occur at the end of the function to be consistent. However, the fix is functionally correct in this case.

-- 
John Baldwin
