Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!cwruecmp!hal!ncoast!allbery
From: allbery@ncoast.UUCP
Newsgroups: comp.os.minix
Subject: MINIX memory management/protection
Message-ID: <2042@ncoast.UUCP>
Date: Mon, 9-Feb-87 21:11:27 EST
Article-I.D.: ncoast.2042
Posted: Mon Feb 9 21:11:27 1987
Date-Received: Wed, 11-Feb-87 05:37:56 EST
References: <252@hqda-ai.UUCP> <1169@steinmetz.steinmetz.UUCP> <511@bobkat.UUCP> <888@cartan.Berkeley.EDU>
Reply-To: allbery@ncoast.UUCP (Brandon Allbery)
Followup-To: comp.os.minix
Organization: Cleveland Public Access UNIX, Cleveland, OH
Lines: 36

As quoted from <888@cartan.Berkeley.EDU> by ballou@brahms.Berkeley.EDU.UUCP:
+---------------
| However, this is a blatant lie, and it is possible you are
| vindicated. For, if auto variables are allocated on the stack, one
| could still easily lose. Since the stack must lie in the same segment
| as the static data (otherwise, pointers must have segments associated
| with them to distinguish between auto and static variables), it is
| possible to scribble over the stack. In doing so, one could alter a
| return address and find oneself in another process, or perhaps the
| kernel. Also, equally likely is that one would try to execute data
| and encounter an illegal opcode. I believe (but I am not certain)
| that this halts the 8086.
+---------------

If the only way to exit to the kernel is a TRAP instruction, which will be controlled, then the program will only use NEAR RET instructions, and so cannot RET into another segment by changing a return address. Executing data still remains a problem; a bit of data that just happens to look like (say) JMP FAR F000:0000 will do a good job of hanging the system. Invalid opcodes? Sure enough, I see no indication of a trap vector for an illegal instruction. So executing data as program remains a potential problem. Or does it?

One can always use separate I & D and fill unused sections of the code segment with 0xCC (INT 3), which can then be made synonymous with the exit syscall. Of course, the MINIX assembler needs to be fixed to work with separate I & D, but after that you CANNOT find yourself in the data segment. You then have to do assembler munging -- deliberately -- to crash the system.

--
++Brandon (Resident Elf @ ncoast.UUCP)
Brandon S. Allbery              !ncoast!allbery
aXcess Co., Consulting          ncoast!allbery@Case.CSNET
6615 Center St. #A1-105         (...@relay.CS.NET)
Mentor, OH 44060-4101           +1 216 974 9210
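A toy model of the argument above, added here as an illustration and not part of the post or of MINIX: a NEAR RET pops only IP, so a scribbled return slot stays inside the code segment, and with separate I & D plus an INT 3 fill a stray IP lands on a controlled trap. All names, the 256-byte segment size and the NOP/RET text bytes are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
/* Toy model of the 8086 state the argument turns on; constructed for
 * illustration, not MINIX code. The segment is 256 bytes to keep it small. */
#define SEG_BYTES 0x100
#define INT3      0xCC          /* one-byte INT 3 opcode */
struct cpu {
    uint16_t cs, ip, sp;        /* sp indexes the word stack below */
    uint16_t stack[8];
    uint8_t  code[SEG_BYTES];
};
/* NEAR RET pops only IP: CS is untouched, so an overwritten return slot
 * can at most move execution within the current code segment. */
static void near_ret(struct cpu *c) { c->ip = c->stack[c->sp++]; }
/* FAR RET pops IP, then CS: the segment itself comes off the stack. */
static void far_ret(struct cpu *c) {
    c->ip = c->stack[c->sp++];
    c->cs = c->stack[c->sp++];
}
/* Separate I&D image: real text first, every unused byte set to INT 3. */
static void build_text(struct cpu *c, const uint8_t *text, size_t text_len) {
    memset(c->code, INT3, SEG_BYTES);
    memcpy(c->code, text, text_len);
}
/* Check the fill: every byte past the text must be INT 3. */
static int padding_ok(const struct cpu *c, size_t text_len) {
    for (size_t i = text_len; i < SEG_BYTES; i++)
        if (c->code[i] != INT3) return 0;
    return 1;
}
/* Scenario: a return slot on the stack now holds bad_ip. Returns 1 if a
 * NEAR RET keeps CS and lands on INT 3, the controlled exit trap, rather
 * than on arbitrary bytes; 0 if it lands inside the real text. */
static int near_ret_lands_on_int3(uint16_t bad_ip) {
    static const uint8_t text[] = { 0x90, 0x90, 0xC3 };   /* NOP NOP RET */
    struct cpu c = { .cs = 0x1000, .ip = 0, .sp = 6 };
    build_text(&c, text, sizeof text);
    c.stack[6] = bad_ip;
    near_ret(&c);
    return c.cs == 0x1000 && c.ip < SEG_BYTES && c.code[c.ip] == INT3;
}
/* Same corrupted stack, but the return is FAR: CS becomes whatever the
 * stack word above IP says. This is the case the post rules out by making
 * a TRAP the only way into the kernel. */
static uint16_t far_ret_new_cs(uint16_t bad_ip, uint16_t bad_cs) {
    struct cpu c = { .cs = 0x1000, .ip = 0, .sp = 6 };
    c.stack[6] = bad_ip;
    c.stack[7] = bad_cs;
    far_ret(&c);
    return c.cs;
}
```

A real 8086 has no undefined-opcode trap (that arrived as INT 6 on the 80186 and later), which is why the fill byte has to be something the kernel already handles.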