DragonFly kernel List (threaded) for 2005-11
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: sendsys security issue

From:	Eric Jacobs <eric@xxxxxxxxxxx>
Date:	Mon, 7 Nov 2005 23:20:33 -0600

On Mon, 7 Nov 2005 19:50:13 -0800 (PST)
Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> wrote:

> 
> :
> :
> :I am interested in understanding and possibly fixing the security issue
> :that seems to be a problem with using sendsys to send an asynchronous
> :request. Anyone have any info?
> :
> :Thanks,
> :-Eric
> 
>     Could you elaborate on this?  I don't know of any current security
>     issues with sendsys, unless you are refering the potential for memory
>     exhaustion.

I noticed the following comment in libcaps/sysport.c :

    /**
     * XXX this is a temporary hack until the kernel changes to implement
     * the desired asynchronous goals.
     *
     * The current asynchronous messaging systemcall interface that sendsys
     * uses has some potential security issues and is limited to use by the
     * superuser only.  Synchronous messages are allowed by anyone.  Sendsys
     * returns EPERM in the case where you are not the superuser but tried to
     * send an asynchonous message.
     *
     * If you are not the super user then the system call will be made again,
     * but without MSGF_ASYNC set.
     */

Is this no longer pertinent?

>  sendsys is currently not used for anything real.

But it will be, right? It should subsume (or nearly subsume) the old syscall trap?

-Eric

References:
- sendsys security issue
  - From: Eric Jacobs
- Re: sendsys security issue
  - From: Matthew Dillon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]