Subject: re: Syscall number space
To: Jason Thorpe <thorpej@shagadelic.org>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 08/28/2007 04:31:41
As you can see, all it does is pad the table out with entries that
call sys_nosys(). It also defines a constant SYS_NSYSENT, which is
when used like so in machine-dependent code:
code &= (SYS_NSYSENT - 1);
callp += code;
(I.e. no test-and-branch for whether or not the system call number is
beyond the end of the table.)
hmm, this method seems buggy to me. it will fail, silently or
otherwise, in the case of someone passing syscall number outside
the range, when it gets silently truncated to some other number
and then this new number's syscall is executed instead.
true, it's only likely to affect binaries that are new running
no older kernels, but until convinced otherwise, i'm wary of
this being a potential security issue..
note that this sequence is only used by a few platforms, seems a
little over half check against the p_emul->e_nsysent.
.mrg.