Matthew Miller wrote:
On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote:
I wonder if any existing user-land utilities have hooks into vmsplice that may be able to be accessed via PHP, Perl, or CGI?
It's a system call.
Yes, but conceivably an application can make use of such a system call since it is exploitable from user land and hence the concern.
Well, the point is there's nothing wrong with the system call *inherently*. There's just a flaw in its implementation which a carefully-crafted program can exploit. A program which just happens to use the system call as it is intended to be used isn't any more dangerous than any other code.
Sorry this thread keeps getting taken further out of context on each reply.
Yes I understand there is nothing inherently wrong with the concept of the vmsplice() system call and it adds a lot of benefit to the Linux kernel.
But if an application uses a system call, and that call to the system API depends on user input that isn't properly bounds-checked, then said application can be used as a vector to system penetration.
That is all I am saying and was asking if anybody knew if such a vector existed in any PHP, Perl or CGI module as it would be the most likely method of leveraging the flaw if one did not have a shell account on that machine.
-Ross