|
From: | Roland McGrath |
Subject: | Re: PATCH: proc_do_stop and rpctrace |
Date: | Sat, 9 Aug 2003 17:33:29 -0400 (EDT) |
The concern I have about this patch per se is proc calling thread_resume on a random port from the user. This is at least a DoS opportunity. It also points to a more general problem rpctrace has--servers make comparisons between ports from the user (rpctrace) and ports outside rpctrace's sphere of interposition. I bet "rpctrace ln foo bar" (dir_link) gets EXDEV too.
[Prev in Thread] | Current Thread | [Next in Thread] |