From owner-freebsd-arch  Fri Feb 23 11:35: 0 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from prism.flugsvamp.com (cb58709-a.mdsn1.wi.home.com [24.17.241.9])
	by hub.freebsd.org (Postfix) with ESMTP id 2092837B491
	for <arch@FreeBSD.ORG>; Fri, 23 Feb 2001 11:34:58 -0800 (PST)
	(envelope-from jlemon@flugsvamp.com)
Received: (from jlemon@localhost)
	by prism.flugsvamp.com (8.11.0/8.11.0) id f1NJYAq89801;
	Fri, 23 Feb 2001 13:34:10 -0600 (CST)
	(envelope-from jlemon)
Date: Fri, 23 Feb 2001 13:34:10 -0600
From: Jonathan Lemon <jlemon@flugsvamp.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: arch@FreeBSD.ORG, Marcel Moolenaar <marcel@cup.hp.com>
Subject: Re: sysctl kern.fallback_elf_brand
Message-ID: <20010223133410.O5714@prism.flugsvamp.com>
References: <3A960EF8.75C3FC53@cup.hp.com> <20010223042641.B2539@dragon.nuxi.com> <20010223113155.B73221@mollari.cthul.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <20010223113155.B73221@mollari.cthul.hu>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Feb 23, 2001 at 11:31:56AM -0800, Kris Kennaway wrote:
> On Fri, Feb 23, 2001 at 04:26:41AM -0800, David O'Brien wrote:
> > On Thu, Feb 22, 2001 at 11:19:20PM -0800, Marcel Moolenaar wrote:
> > > One problem with this is that unbranded static Linux binaries are
> > > executed as FreeBSD native binaries and there's a high chance of them
> > > rebooting the machine if run as root.
> > 
> > I've never seen that.  Everyone I've every tried just dumped core.  Have
> > you really seen running one reboot the machine?
> 
> Yes.  This was under 4.2-STABLE.  Unfortunately, I can't remember off
> the top of my head what the binary was - something extracted from a
> redhat 6.2 RPM, I think.  Have you tried any statically linked
> binaries which make the correspondingly-numbered syscall (actually, I
> think mine triggered a halt, not a reboot, but they're both common
> syscall numbers)?

It's quite easy to reproduce.  Here's why:

>From sys/kern/syscalls.master:

	55      STD     BSD     { int reboot(int opt); }

>From sys/i386/linux/syscalls.master:

	55      STD     LINUX   { int linux_fcntl(int fd, int cmd, int arg); }


If you run an unbranded Linux binary, our current default assumes 
that it is a FreeBSD elf executable.  So when the Linux binary then
calls what it thinks is fcntl, it actually winds up calling reboot.

*BEWM*

To reproduce, just compile this program (statically) on a Linux box,
and then run (as root) on a FreeBSD box:

main()
{
	fcntl(0,0,0);
}

--
Jonathan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message