[bug #48456] mig-generated user code does not destroy invalid reply

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #48456] mig-generated user code does not destroy invalid reply

From:	Kalle Olavi Niemitalo
Subject:	[bug #48456] mig-generated user code does not destroy invalid reply
Date:	Wed, 31 Aug 2016 22:35:59 +0000 (UTC)
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

Follow-up Comment #1, bug #48456 (project hurd):

I wrote: "This could perhaps be used for denial of service, if a long-lived
process calls a less-trusted one."

The exec server is a long-lived process, and it calls several RPC routines on
the FILE and OLDTASK passed to exec_exec, which can be called by anyone.  That
makes it vulnerable to the DoS.  I don't currently have a test case for that.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?48456>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #48456] mig-generated user code does not destroy invalid reply, Kalle Olavi Niemitalo <=

Prev by Date: Re: [PATCH] drop the deprecated malloc/free hooks in hurd/mach-defpager
Next by Date: problems with a subhurd
Previous by thread: RFC: [PATCH] Enable olddelta to be NULL in adjtime(3)
Next by thread: problems with a subhurd
Index(es):
- Date
- Thread