[pups] Issues of AUUGN
Dave Horsfall
dave at horsfall.org
Wed Oct 4 20:22:24 AEST 2006
On Wed, 4 Oct 2006, Johnny Billquist wrote:
> > There was a clever assembly program that did it; it relied upon the
> > instruction counter wrapping around (I can't remember in which
> > direction, or whether it first relocated itself). Anyway, it managed
> > to fill memory with SPLs, so the next instruction after overwriting
> > its last instruction was SPL, and for the foreseeable future after
> > that...
>
> It would have to wrap forwards. Basically, if you just have a
>
> MOV (PC)+,(R0)+
> SPL #7
Yes, that's it! Except it was SPL 0; not that it made any difference, but
it was just as devastating in user mode.
Damn; I'm still trying to visualise how it works... It took me ages, the
first time I saw it; I *think* it propagates the MOV throughout memory,
leaving a trail of SPLs behind it?
> and make sure that the rest of the memory doesn't do anything overly
> foolish, [...]
Not a problem in user mode?
> However, another way of achieving this, if you have some kind of control
> of the MMU is to just fill one page with SPLs, and then remap all of
> your memory to be that page. The last page you remap is just the page
> that holds all the code doing the setup.
But you'd need kernel mode for that; this is a DoS attack (one of the
first?) launched by a user.
> > If I find the article I'll post it here; I don't think there are too
> > many 11/70s still in public operation.
>
> Well, ours is occasionally. It's off at the moment, since we're not
> allowed to consume that much money anymore, but Magica.Update.UU.SE is
> just a key turn away from being online.
Cool :-)
> > I'll remember that, should I ever see an emulator :-) I still
> > remember Ian Johnstone cursing me...
>
> :-)
It was two words: "YOU XXXX!" (an indelicate term for a part of the female
anatomy) followed by the phone being slammed down...
> Oh, that would be having the HALT switch down and pressing the START
> switch, by the way. That combination will trigger a Unibus reset, and
> will bring the CPU out of almost all catatonic states that I've seen,
> including serious bus problems.
Interesting. I knew the HALT switch didn't halt the box right away; bus
transfers still completed so we were taught to W/PROT the RK-05s *after*
hitting HALT, but I didn't know it worked in combination.
-- Dave