[EROS-Arch] EROS security bug

Charles Landau clandau@macslab.com
Mon, 12 Mar 2001 06:36:12 -0800


The test at http://www.eros-os.org/eros-src/sys/eros/i486/SaveArea.h#44 is
different from the test at
http://www.eros-os.org/eros-src/sys/arch/i486/kernel/UserContext.cxx#513.
The latter sets the fault code only if fixRegs.CS is nonzero.

OC_GetRegs32 followed by OC_SetRegs32 provides a machine-independent way to
set the PC and SP. It shouldn't be necessary to also allow it via
OC_Process_Swap(ProcPCandSP).

"Jonathan S. Shapiro" wrote:

> Charlie:
>
> This is actually a bug in Process::ValidateRegValues() at
>
> http://www.eros-os.org/eros-src/sys/arch/i486/kernel/UserContext.cxx#513
>
> I would be interested to know if the fault code is getting set there.
> Certainly, this process should never have made it as far as IntTrap.cxx
> with invalid CS or SS values.
>
> There is a difficult problem hiding here. The ideal thing to do would be
> to drop support for segment registers altogether, but this would
> preclude (e.g.) windows emulation later. The next best thing is to
> sanity check the values, which is what ValidateRegValues() is supposedly
> doing.
>
> Can you see if the fault code is getting set in ValidateRegValues(), and
> why it is not causing a process fault?
>
> The reason to expose that slot is to have a common mechanism for certain
> process updates. My general take is that it's a better policy to check
> the values than to restrict the changes, but I'm certainly prepared to
> re-examine this -- particularly now that most of the per-process
> operations are done through machine-dependent process code anyway.
>
> Thanks
>
> Jonathan
>
> Charles Landau wrote:
> >
> > OC_Process_Swap(ProcPCandSP) allows you to write any value to the CS and
> > SS registers, including any Current Privilege Level. tests/func/memmap
> > is a new test that crashes at
> > http://www.eros-os.org/eros-src/sys/arch/i486/kernel/IntTrap.cxx#188 as
> > a result.
> >
> > Jonathan, I don't know what your preference would be to fix this. I know
> > you wanted to keep the ProcPCandSP slot exposed for some reason. It
> > would be simple enough to force the CS and SS to safe values. It would
> > also be simple to disallow writing to this slot and force the user to
> > use OC_SetRegs32 to write the PC and SP.
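
The two fixes discussed in this thread (sanity-check CS and SS, or force them to safe values), sketched in C as an added example that is not part of the thread or of the EROS source. The struct, function names and selector constants are hypothetical; only the x86 selector layout (RPL in bits 0-1, TI in bit 2, index in bits 3-15) is architectural, and the check here is applied unconditionally, including to a zero selector.

```c
#include <stdbool.h>
#include <stdint.h>

/* x86 segment selector: bits 0-1 = RPL, bit 2 = TI, bits 3-15 = index. */
#define SEL_RPL(sel)     ((sel) & 0x3u)
#define SEL_IS_NULL(sel) (((sel) & 0xFFFCu) == 0) /* GDT index 0, any RPL */
#define USER_RPL         3u

/* Constructed selector values for illustration; not taken from EROS. */
#define USER_CODE_SEL 0x1Bu /* GDT index 3, RPL 3 */
#define USER_DATA_SEL 0x23u /* GDT index 4, RPL 3 */

/* Hypothetical subset of a saved user register area. */
struct user_regs {
    uint32_t pc, sp;
    uint16_t cs, ss;
};

/* A selector is acceptable for user mode only if it is non-null and
 * requests ring 3. There is no "skip if zero" case. */
static bool selector_ok(uint16_t sel)
{
    return !SEL_IS_NULL(sel) && SEL_RPL(sel) == USER_RPL;
}

/* Policy 1: check the values. A false result means the caller should set
 * a fault code and keep the process from being dispatched. */
bool validate_user_selectors(const struct user_regs *r)
{
    return selector_ok(r->cs) && selector_ok(r->ss);
}

/* Policy 2: ignore whatever the caller wrote and force safe values. */
void force_user_selectors(struct user_regs *r)
{
    r->cs = USER_CODE_SEL;
    r->ss = USER_DATA_SEL;
}

int main(void)
{
    struct user_regs r = { 0x1000, 0x2000, 0x08, 0x10 }; /* ring-0 RPLs */
    if (validate_user_selectors(&r))
        return 1;                 /* must be rejected */
    force_user_selectors(&r);
    return validate_user_selectors(&r) ? 0 : 1;
}
```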