From owner-freebsd-current Sat Oct 24 08:56:09 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA20219 for freebsd-current-outgoing; Sat, 24 Oct 1998 08:56:09 -0700 (PDT) (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20211 for ; Sat, 24 Oct 1998 08:56:05 -0700 (PDT) (envelope-from kkennawa@physics.adelaide.edu.au)
Received: from mercury (mercury [129.127.36.44]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id BAA18754; Sun, 25 Oct 1998 01:25:31 +0930 (CST)
Received: from localhost by mercury; (5.65v3.2/1.1.8.2/27Nov97-0404PM) id AA00791; Sun, 25 Oct 1998 01:25:30 +0930
Date: Sun, 25 Oct 1998 01:25:30 +0930 (CST)
From: Kris Kennaway
To: Don Lewis
Cc: current@FreeBSD.ORG
Subject: Re: nestea v2 against freebsd 3.0-Release (fwd)
In-Reply-To: <199810240856.BAA23322@salsa.gv.tsc.tdk.com>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 24 Oct 1998, Don Lewis wrote:

> } rootshell.com has a .tgz containing a linux compiled binary - that's the one I
> } ran [1]. Perhaps it was the linuxulator which crashed me, instead of what the
> } program itself did.
>
> Could be. Can you get a stack trace, either with DDB, or with a crash dump
> and gdb?

GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc...
IdlePTD 2801664
initial pcb at 257b1c
panicstr: from debugger
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x13
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf0180ebc
stack pointer = 0x10:0xf2c7dd3c
frame pointer = 0x10:0xf2c7dd60
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 353 (nestea2)
interrupt mask =
panic: from debugger

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x13
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf0180ebc
stack pointer = 0x10:0xf2c7dd3c
frame pointer = 0x10:0xf2c7dd60
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 353 (nestea2)
interrupt mask =

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x13
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf0180ebc
stack pointer = 0x10:0xf2c7dd3c
frame pointer = 0x10:0xf2c7dd60
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 353 (nestea2)
interrupt mask =
panic: from debugger

dumping to dev 30001, offset 39104
dump 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 boot (howto=260) at ../../kern/kern_shutdown.c:268
268 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=260) at ../../kern/kern_shutdown.c:268
#1 0xf012f5e8 in at_shutdown (function=0xf0227772 , arg=0xf2c7dc34, queue=-267277140)
    at ../../kern/kern_shutdown.c:430
#2 0xf011acfd in db_panic (addr=-266858820, have_addr=0, count=-1, modif=0xf2c7dbbc "")
    at ../../ddb/db_command.c:432
#3 0xf011acac in db_command (last_cmdp=0xf0240c34, cmd_table=0xf0240a94, aux_cmd_tablep=0xf02550b4)
    at ../../ddb/db_command.c:332
#4 0xf011ad62 in db_command_loop () at ../../ddb/db_command.c:454
#5 0xf011d4f3 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#6 0xf01e545d in kdb_trap (type=12, code=0, regs=0xf2c7dd00)
    at ../../i386/i386/db_interface.c:157
#7 0xf01f13eb in trap_fatal (frame=0xf2c7dd00) at ../../i386/i386/trap.c:874
#8 0xf01f10e4 in trap_pfault (frame=0xf2c7dd00, usermode=0)
    at ../../i386/i386/trap.c:772
#9 0xf01f0d27 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -263534592,
    tf_esi = -263533804, tf_ebp = -221782688, tf_isp = -221782744, tf_ebx = 0,
    tf_edx = 0, tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0,
    tf_eip = -266858820, tf_cs = 8, tf_eflags = 66118, tf_esp = -263533804,
    tf_ss = -266075918}) at ../../i386/i386/trap.c:396
#10 0xf0180ebc in ip_reass (m=0xf04ac800, fp=0xf04acb14, where=0xf025bfc8)
    at ../../netinet/ip_input.c:802
#11 0xf0180c3f in ip_input (m=0xf04ac800) at ../../netinet/ip_input.c:585
#12 0xf0181bdb in ipintr () at ../../netinet/ip_input.c:669
#13 0xf01e72c9 in swi_net_next ()
#14 0xf0148c40 in sendit (p=0xf2c69880, s=3, mp=0xf2c7debc, flags=0)
    at ../../kern/uipc_syscalls.c:484
#15 0xf0148e8b in sendmsg (p=0xf2c69880, uap=0xf2c7defc)
    at ../../kern/uipc_syscalls.c:632
#16 0xf0222a5b in linux_sendto_hdrincl (p=0xf2c69880, bsd_args=0xf2c7df1c)
    at ../../i386/linux/linux_socket.c:245
#17 0xf0223435 in linux_socketcall (p=0xf2c69880, args=0xf2c7df84)
    at ../../i386/linux/linux_socket.c:624
#18 0xf01f15f7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -272639092,
    tf_esi = 0, tf_ebp = 16, tf_isp = -221782060, tf_ebx = 11, tf_edx = 11,
    tf_ecx = -272639160, tf_eax = 102, tf_trapno = 12, tf_err = 2,
    tf_eip = 671593638, tf_cs = 31, tf_eflags = 534, tf_esp = -272639180,
    tf_ss = 39}) at ../../i386/i386/trap.c:1031
#19 0xf01e5dec in Xint0x80_syscall ()
Cannot access memory at address 0x10.
(kgdb) quit

> } [1] This might not have been so bright :-)
>
> Hmn, yes. Running binaries of unknown origin as root. I wonder what
> backdoors it installed ...

Would be interesting if it installed some linux backdoor and the emulator
emulated it enough to work :-) I'm not all that worried in this case, though

Kris