SECURITY BUG IN INTERACTIVE UNIX SYSV386

Dmitry V. Volodin dvv at hq.demos.su
Tue Feb 26 06:52:05 AEST 1991


In <1991Feb23.073721.7800 at rand.org> edhall at rand.org (Ed Hall) writes:

>Ah, but remember, the '386 has segmentation as well!  Just put the
>u structure out of reach for the default segments, and add another
>segment that only covers the FP register area.  Of course, this would
>mean that the emulator would probably have to reload a segment register
>or two, but that's lots faster than entering the kernel.  I suspect
>there are other ways, though...

Closing u completely for emulator won't work. The emulator should
work differently when the process is running on its own and when
it is traced. Emulators usually try to execute as many floating
instructions in a row as possible, often causing problems for step-by-step
debugging - you command to step one instruction and the damned thing
doesn't stop until all the floating instructions are interpreted.
The right emulator should distinguish between traced and untraced mode,
and the only fast and reliable way to do it is to have u handy.

-- 
Dmitry V. Volodin <dvv at hq.demos.su>      |
fax:    +7 095 233 5016                  |      Call me Dima ('Dee-...)
phone:  +7 095 231 2129			 |
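The traced-versus-untraced dispatch loop described above, as an added example that is not code from the original post or from the Interactive UNIX emulator. The names (struct uarea, U_TRACED, OP_FP, OP_INT), the two-byte instruction encoding and the instruction stream are all constructed for illustration; the only point it shows is why the emulator wants to read a trace flag kept in u before deciding whether to run a whole run of floating-point instructions or stop after one.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical opcode values for the constructed instruction stream:
 * each instruction is two bytes, opcode followed by one operand byte. */
enum { OP_INT = 0, OP_FP = 1 };

/* Hypothetical stand-in for the part of u the emulator consults. */
struct uarea {
    unsigned flags;
};
#define U_TRACED 0x1  /* hypothetical: set while a debugger has the process under ptrace */

/* One fake FP register so the emulated instructions have a visible effect. */
static double fp_reg;

void fp_reset(void) { fp_reg = 0.0; }
double fp_result(void) { return fp_reg; }

/* Emulate a single FP instruction: constructed semantics, accumulate the operand. */
static void emulate_one(const uint8_t *insn)
{
    fp_reg += insn[1];
}

/* Run the emulator from the faulting instruction and return how many
 * instructions it consumed before handing control back.
 * Untraced: interpret every consecutive FP instruction in one go, which is
 * the fast path the post describes.
 * Traced: stop after exactly one, so a debugger's single-step lands on the
 * next instruction instead of skipping the whole run. */
size_t emulate_run(const struct uarea *u, const uint8_t *code, size_t ninsn)
{
    size_t i = 0;
    while (i < ninsn && code[2 * i] == OP_FP) {
        emulate_one(&code[2 * i]);
        i++;
        if (u->flags & U_TRACED)
            break;
    }
    return i;
}
```

With a constructed stream of three FP instructions followed by an integer one, the untraced emulator consumes all three before returning, while the same stream under U_TRACED consumes one per entry.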


