DF-0224
ksched_getparam leaves sched_priority uninitialized for non-RT procs -> kernel stack info leak
Summary
ksched_getparam(:146-147) only writes sched_priority when RTP_PRIO_IS_REALTIME. Non-RT procs return 0 without writing. Caller kern_p1003_1b.c:227 declares uninit, :244-245 unconditional copyout. 4 bytes kernel stack to unpriv user via sched_getparam(getpid(),&sp).