Re: PATCH: proc_do_stop and rpctrace

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PATCH: proc_do_stop and rpctrace

From:	Ognyan Kulev
Subject:	Re: PATCH: proc_do_stop and rpctrace
Date:	Sat, 16 Aug 2003 11:16:57 +0300
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030714 Debian/1.4-2

Marcus Brinkmann wrote:

On Sat, Aug 09, 2003 at 05:33:29PM -0400, Roland McGrath wrote:

The concern I have about this patch per se is proc calling thread_resume on
a random port from the user.  This is at least a DoS opportunity.  It also
points to a more general problem rpctrace has--servers make comparisons
between ports from the user (rpctrace) and ports outside rpctrace's sphere
of interposition.  I bet "rpctrace ln foo bar" (dir_link) gets EXDEV too.


Shall I revert the patch?

proc also uses the task port given by rpctrace. So one can write aprogram that passes fake task port to proc, and when proc tries tohandle the fake process in some way, the whole proc server will hangbecause it is single-threaded. Isn't it principally like thethread_resume case?


Regards
--
Ognyan Kulev <ogi@{fmi.uni-sofia.bg,fsa-bg.org}>
7D9F 66E6 68B7 A62B 0FCF  EB04 80BF 3A8C A252 9782

[Prev in Thread]

Current Thread

[Next in Thread]

Re: PATCH: proc_do_stop and rpctrace, Ognyan Kulev <=
- Re: PATCH: proc_do_stop and rpctrace, Marcus Brinkmann, 2003/08/16
  - Re: PATCH: proc_do_stop and rpctrace, Ognyan Kulev, 2003/08/16
    - Re: PATCH: proc_do_stop and rpctrace, Marcus Brinkmann, 2003/08/16
- Re: PATCH: proc_do_stop and rpctrace, Roland McGrath, 2003/08/16

Prev by Date: (no subject)
Next by Date: Re: e2fslibs for ext2fs?
Previous by thread: SUBJECT=Re: dunlap,The Internet's BestPharmacyChoice phngqjyvhnz
Next by thread: Re: PATCH: proc_do_stop and rpctrace
Index(es):
- Date
- Thread