On 18 Sep, Pawel Jakub Dawidek wrote: > On Fri, Sep 17, 2004 at 12:37:12PM +0300, Giorgos Keramidas wrote: > +> % +#ifdef INVARIANTS > +> % + KASSERT(0 <= narg && narg <= 8, ("invalid number of syscall args")); > +> % +#endif > > Maybe: > KASSERT(0 <= narg && narg <= sizeof(args) / sizeof(args[0]), > ("invalid number of syscall args")); > > So if we decide to increase/decrease it someday, we don't have to remember > about this KASSERT().
What keeps the attacker from installing two syscalls, the first of which pokes NOPs over the KASSERT code, and the second of which accepts too many arguments? If you think we really need this bit of extra security, why not just prevent the syscall with too many arguments from being registered by syscall_register()? At least that keeps the check out of the most frequently executed path. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"