security issues of aio



Hallo,

in /sys/conf/NOTES there is a comment
| # Use real implementations of the aio_* system calls. There are numerous
| # stability and security issues in the current aio code that make it
| # unsuitable for inclusion on machines with untrusted local users.
| options VFS_AIO

Are there still problems with aio?

I only found http://xforce.iss.net/xforce/xfdb/7693, but no
advisory or other hint that this was fixed (I think I must have missed
that somehow). And some closed PRs about fixed problems.

Do these affect aio.ko as well?

Thanks,
Nicolas

--
http://www.rachinsky.de/nicolas
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • security issues of aio
    ... | # Use real implementations of the aio_* system calls. ... | # stability and security issues in the current aio code that make it ... And some closed PRs about fixed problems. ...
    (freebsd-stable)
  • [EXPL] Race Condition in FreeBSD AIO Implementation
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... AIO is a POSIX standard for asynchronous I/O. ... scheduled AIO operations persist after an execve, ... instance, operations on pipes will not complete fully after an execve, ...
    (Securiteam)
  • Re: AIO vulnerability (from bugtraq)
    ... :default in FreeBSD and the warning is pretty clear. ... I'd really like to get AIO ... :> Soniq Security Advisory ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • AIO vulnerability (from bugtraq)
    ... Soniq Security Advisory ... AIO is a POSIX standard for asynchronous I/O. ... scheduled AIO operations persist after an execve, ... Currently VFS_AIO is not enabled in the default FreeBSD kernel config, ...
    (FreeBSD-Security)