is effected in useracc(), and also by a vm_protect() in vm_fork() for i386
CPUs. Without the latter a write to the user area, say USRSTACK+1000,
would hang a 386-based system.
from Eric Allman <eric@vangogh.cs.berkeley.edu>:
>Subject: sendmail 8.1C out
...
>THIS IS AN URGENT FIX. There is a security problem in 8.1B (and
>apparently most vendor versions of sendmail) that permits a user
>to read any file on the system (don't ask, I won't go into details).
>It should be installed immediately.
...
> ======================================================================
>
> 8.1C/8.1B 93/06/27
> Serious security bug fix: it was possible to read any file on
> the system, regardless of ownership and permissions.
> If a subroutine returns a fully qualified address, return it
> immediately instead of feeding it back into rewriting.
> This fixes a problem with mailertable lookups.
> CONFIG: fix some M4 frotz (concat => CONCAT)
>
to actually fail is currently disabled, as this would enable some new code
in vm_map_pageable() (disabled in this commit) that hasn't been used to
date. I'm fairly confident it is all OK, but shall test it some more once
the rest of the kernel is more stable, before enabling it.
* Yuval Yarom's socket recv(2) fixes, to prevent incorrect blocking and
lack thereof with recv(2) and MSG_WAITALL. Fixes an sbdrop() panic during
some MSG_WAITALL recv(2) sleeps. Access rights fix (also in
uipc_syscalls.c) too. A test program which shows these problems is
available.
* cleaned up hardclock() to avoid checking "p" multiple times, and avoid a
gcc2 possible-use-before-initialisation warning.
* changed softclock() timeout callback functions to be of type timeout_t -
a pointer to a void fn(int). No-one was using the second, tick, argument
that was being passed to these callbacks - it is much cleaner to drop the
thing entirely, rather than add a whole heap of casts of dubious
correctness to calls to timeout(), etc. The old style is kept in an
#ifdef, for future reference.
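The recv(2)/MSG_WAITALL item above describes two failure modes: recv returning short when it should have kept blocking, and blocking when it should have returned. The test program it mentions is not on this page; the following is an added example, written here and not taken from that patchkit, which exercises the MSG_WAITALL contract a fixed kernel must meet. It uses an AF_UNIX socketpair and a forked writer (both assumptions of this example, not details from the changelog), sends the data in two chunks with a pause between them, and checks that recv(MSG_WAITALL) returns the full request when the data eventually arrives and a short count (rather than hanging) when the peer closes first.

```c
/* Added example: exercises the recv(2) MSG_WAITALL contract discussed in the
 * changelog entry above. Not code from the original patchkit. Assumes a
 * POSIX system with socketpair(2), fork(2) and nanosleep(2). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define MAXBUF 512

/* Writer side (child process): send 'total' bytes in two chunks with a pause
 * between them, so that a recv without MSG_WAITALL would return short after
 * the first chunk. Closing the socket afterwards gives the reader EOF, which
 * must make a larger MSG_WAITALL request return short instead of hanging. */
static void writer(int fd, size_t total)
{
    char buf[MAXBUF];
    struct timespec pause = { 0, 100 * 1000 * 1000 };   /* 100 ms */
    size_t first = total / 2;

    memset(buf, 'x', sizeof buf);
    (void)write(fd, buf, first);
    nanosleep(&pause, NULL);
    (void)write(fd, buf, total - first);
    close(fd);
}

/* Reader side: ask for 'want' bytes with MSG_WAITALL and report what recv
 * returned. Correct kernel behaviour: 'want' if the peer sends at least that
 * much, the number of bytes actually received if the peer closes first. */
static ssize_t read_waitall(int fd, size_t want)
{
    char buf[MAXBUF];
    if (want > sizeof buf)
        return -1;
    return recv(fd, buf, want, MSG_WAITALL);
}

/* Run one scenario: the writer sends 'send' bytes, the reader asks for 'want'
 * with MSG_WAITALL. Returns the count recv reported, or -1 on setup failure. */
ssize_t waitall_scenario(size_t send, size_t want)
{
    int sv[2];
    pid_t pid;
    ssize_t got;

    if (send > MAXBUF || want > MAXBUF)
        return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        writer(sv[1], send);
        _exit(0);
    }
    close(sv[1]);
    got = read_waitall(sv[0], want);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    /* Data arrives in two chunks: MSG_WAITALL must keep waiting and return 200. */
    printf("sent 200, want 200: recv returned %zd\n", waitall_scenario(200, 200));
    /* Peer closes after 100 bytes: must return 100, not block forever. */
    printf("sent 100, want 200: recv returned %zd\n", waitall_scenario(100, 200));
    return 0;
}
```

If the second scenario never returns, the kernel is exhibiting exactly the "incorrect blocking" the entry describes; if the first returns 100, it is the "lack thereof".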