Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!fuug!demos!dvv
From: dvv@hq.demos.su (Dmitry V. Volodin)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Message-ID: <1991Feb25.195205.14910@hq.demos.su>
Date: 25 Feb 91 19:52:05 GMT
References: <7667@crash.cts.com> <4507@alliant.Alliant.COM> <1991Feb23.073721.7800@rand.org>
Organization: DEMOS, Moscow, USSR
Lines: 22

In <1991Feb23.073721.7800@rand.org> edhall@rand.org (Ed Hall) writes:

>Ah, but remember, the '386 has segmentation as well! Just put the
>u structure out of reach for the default segments, and add another
>segment that only covers the FP register area. Of course, this would
>mean that the emulator would probably have to reload a segment register
>or two, but that's lots faster than entering the kernel. I suspect
>there are other ways, though...

Closing u completely for the emulator won't work. The emulator should
work differently when the process is running on its own and when it is
traced. Emulators usually try to execute as many floating instructions
in a row as possible, often causing problems for step-by-step debugging:
you command to step one instruction and the damned thing doesn't stop
until all the floating instructions are interpreted. The right emulator
should distinguish between traced and untraced mode, and the only fast
and reliable way to do it is to have u handy.

--
Dmitry V. Volodin | fax:   +7 095 233 5016 | Call me Dima ('Dee-...)
                  | phone: +7 095 231 2129 |