[haiku-bugs] Re: [Haiku] #16610: app_server: crash when running application from another user

  • From: "Haiku" <trac@xxxxxxxxxxxx>
  • To: undisclosed-recipients: ;
  • Date: Thu, 19 Nov 2020 20:18:02 -0000

#16610: app_server: crash when running application from another user
---------------------------------+----------------------------
  Reporter:  X512                |      Owner:  axeld
      Type:  bug                 |     Status:  new
  Priority:  normal              |  Milestone:  Unscheduled
 Component:  Servers/app_server  |    Version:  R1/Development
Resolution:                      |   Keywords:
Blocked By:                      |   Blocking:
  Platform:  All                 |
---------------------------------+----------------------------
Comment (by korli):

 Replying to [comment:6 X512]:

 > Device node pointers are passed directly from userland without checks:
 > `device_node* node = (device_node*)cookie;`. It can be used to access and
 > modify kernel memory from userland. Some kind of ID like a file descriptor
 > should be used to identify `device_node` in userland. Or the userland API
 > should be changed so a direct `device_node` will not be needed, for example
 > use an opened file descriptor with pointers to the current device_node to
 > communicate with userland.

 Yeah, there is even a TODO about it in the one function involved.
 https://git.haiku-os.org/haiku/tree/src/system/kernel/device_manager/device_manager.cpp#n428
-- 
Ticket URL: <https://dev.haiku-os.org/ticket/16610#comment:12>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
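
The ID-instead-of-pointer approach suggested in the quoted comment can be sketched as a kernel-side handle table. This is an added example, not part of the original post and not Haiku's code: `handle_open`, `handle_lookup`, `handle_close`, the table size and the reduced `device_node` struct are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for the kernel's device_node (constructed for this example). */
typedef struct device_node { const char *name; } device_node;

#define MAX_HANDLES 64

typedef struct {
    device_node *node;    /* kernel pointer, never handed to userland */
    uint32_t generation;  /* changes on every open so stale handles fail */
    int owner;            /* team that opened the handle (assumed identifier) */
} handle_slot;

static handle_slot sTable[MAX_HANDLES];

/* Handle layout: high 16 bits generation, low 16 bits slot index. */
static uint32_t make_handle(uint32_t index, uint32_t gen) { return (gen << 16) | index; }

/* Returns an opaque handle for userland, or 0 when the table is full. */
uint32_t handle_open(device_node *node, int owner)
{
    for (uint32_t i = 0; i < MAX_HANDLES; i++) {
        if (sTable[i].node != NULL)
            continue;
        sTable[i].node = node;
        sTable[i].owner = owner;
        sTable[i].generation = (sTable[i].generation + 1) & 0xffff;
        if (sTable[i].generation == 0)
            sTable[i].generation = 1;  /* generation 0 is never valid */
        return make_handle(i, sTable[i].generation);
    }
    return 0;
}

/* Replaces `(device_node*)cookie`: the userland value is only ever used as a
   bounds-checked index, and must match a live slot owned by the caller. */
device_node *handle_lookup(uint32_t handle, int caller)
{
    uint32_t index = handle & 0xffff;
    uint32_t gen = handle >> 16;
    if (index >= MAX_HANDLES)
        return NULL;
    handle_slot *slot = &sTable[index];
    if (slot->node == NULL || slot->generation != gen || slot->owner != caller)
        return NULL;
    return slot->node;
}

int handle_close(uint32_t handle, int caller)
{
    if (handle_lookup(handle, caller) == NULL)
        return -1;
    sTable[handle & 0xffff].node = NULL;
    return 0;
}
```

A real kernel version would also need locking around the table and reference counting on the node, which this example leaves out.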
