From owner-freebsd-security  Mon Nov 10 05:39:57 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id FAA01148
          for security-outgoing; Mon, 10 Nov 1997 05:39:57 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from mail.virginia.edu (mail.Virginia.EDU [128.143.2.9])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id FAA01140
          for <freebsd-security@freebsd.org>; Mon, 10 Nov 1997 05:39:49 -0800 (PST)
          (envelope-from atf3r@cs.virginia.edu)
Received: from mail.cs.virginia.edu by mail.virginia.edu id aa06422;
          10 Nov 97 8:39 EST
Received: from stretch.cs.virginia.edu (atf3r@stretch-fo.cs.Virginia.EDU [128.143.136.14])
	by ares.cs.Virginia.EDU (8.8.5/8.8.5) with ESMTP id IAA02280;
	Mon, 10 Nov 1997 08:39:30 -0500 (EST)
Received: (from atf3r@localhost)
	by stretch.cs.virginia.edu (8.8.5/8.8.5) id IAA08403;
	Mon, 10 Nov 1997 08:39:29 -0500 (EST)
Date: Mon, 10 Nov 1997 08:39:28 -0500 (EST)
From: "Adrian T. Filipi-Martin" <atf3r@cs.virginia.edu>
Reply-To: adrian@virginia.edu
To: Graphic Rezidew <rezidew@rezidew.net>
cc: roger@nwu.edu, freebsd-security@freebsd.org, Kadokev@ripco.com
Subject: Re: FW: [linux-security] pentium bug makes security under linux impo
In-Reply-To: <XFMail.971110022053.rezidew@rezidew.net>
Message-ID: <Pine.SUN.3.90.971110083506.8351B-100000@stretch.cs.Virginia.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 10 Nov 1997, Graphic Rezidew wrote:

> note: I have tested this for myself with
> netbsd (???)
> freebsd (2.2.2)
> BSDi (BSD/OS 3.0)
> dos (6.22) <hey, somebody has to use it>
> linux (as if a version means anything here)
> solaris x86 (2.6 and 2.5.1) (with gcc not /usr/ucb/bin/cc) 

	Argh!  I built the test program on a 486/66 running 2.2.2-STABLE
which correctly trapped the illegal instruction.  The same binary does
indeed kill a P120 running 2.2.1 cold. 

	Does anyone know of other illegal instruction patterns that can 
cause this?  Is this a unique one that a compiler could be patched to 
avoid?  I know it would not prevent the deliberate creation of such 
binaries, but it would slow down the novice-crackers who want to play 
with it.

	Adrian
--
adrian@virginia.edu        ---->>>>| If I were stranded on a desert island, and
System Administrator         --->>>| I could only have one OS for my computer,
Neurosurgical Visualzation Lab -->>| it would be FreeBSD.  Think about it.....
http://www.nvl.virginia.edu/     ->|      http://www.freebsd.org/