Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!mcsun!unido!math.fu-berlin.de!fub!dobag.in-berlin.de!cla
From: cla@dobag.in-berlin.de (Christian Lampl)
Newsgroups: comp.os.minix
Subject: Re: MINIX Security
Message-ID: <R9KPITM@dobag.in-berlin.de>
Date: 1 Apr 91 14:14:45 GMT
References: <53.27E71F95@keeper.sublink.ORG> <9103303877@minixug.mugnet.org>
Organization: Dobag Computer Systems Berlin
Lines: 29

waltje@minixug.mugnet.org (Fred 'The Rebel' van Kempen) writes:

>bergonz@keeper.sublink.ORG (Michele Bergonzoni) wrote:
>> 
>>  > it should be possible to write an assembler program which hunts around 
>>  > for the kernel's process table, figures out what's where, and manually 
>>  > changes its uid to 0.  Practically, this might be quite messy.
>> 
>> Really not! I've seen such a program working on commercial, AT&T-licensed  
>> versions of UNIX !!!
>> Ciao
>Close to impossible on any machine that supports protected mode.  On a simple
>286, it is IMPOSSIBLE to junk around in segments not belonging to the current
>process...: Memory fault- core dumped !   :-) ^100

>Fred.

Yes, but even in some Unix Systems on the 386 it's junk around in segments
not belonging to the current process ! For example Interactives System V R 3..
on a 386 without mathematical co-processor ! A bug like this was posted in
alt.hackers some weeks ago !

Bye
   Christian !!

-- 
cla@dobag.in-berlin.de | An optimist believes we live in the best world |
Christian Lampl        | possible; a pessimist fears this is true !!    |
Berlin, Germany        |                                                |