From owner-freebsd-hackers Thu Dec 11 21:20:14 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA18857 for hackers-outgoing; Thu, 11 Dec 1997 21:20:14 -0800 (PST) (envelope-from owner-freebsd-hackers)
Received: from ns2.cetlink.net (root@ns2.cetlink.net [209.54.54.20]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA18845 for ; Thu, 11 Dec 1997 21:20:06 -0800 (PST) (envelope-from jak@cetlink.net)
Received: from hot1.auctionfever.com (ts1-cltnc-46.cetlink.net [209.54.58.46]) by ns2.cetlink.net (8.8.5/8.8.5) with SMTP id XAA29951 for ; Thu, 11 Dec 1997 23:47:31 -0500 (EST)
From: jak@cetlink.net (John Kelly)
To: hackers@FreeBSD.org
Subject: (fwd) Re: F00F bug *fixed* in 2.0.x kernels
Date: Fri, 12 Dec 1997 05:48:30 GMT
Message-ID: <3491cfe3.6774010@mail.cetlink.net>
X-Mailer: Forte Agent 1.01/16.397
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id VAA18849
Sender: owner-freebsd-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On 8 Dec 1997 23:11:24 GMT, in comp.os.linux.development.system
torvalds@transmeta.com (Linus Torvalds) wrote:

In article , Albert D. Cahalan wrote:
>Jerry Hicks writes:
>
>> Wrong again Albert...
>
>Nope, you are wrong. This method is a _third_ solution.
>
>>>> My ``fix'' is to have the IDT descriptor reference a segment
>>>> which has a length of 0. This has the effect of mapping SIGILL
>>>> into SIGBUS, so that the `cmpxchg8' crash now generates a Bus
>>>> error. (I didn't bother returning the correct signal; it can
>>>> probably be added if it is important)

This is indeed the "FreeBSD fix". The so-called "fix" doesn't work (it
appears to, for simple exploits, but it doesn't), and I _told_ some
FreeBSD people so: I even sent people a test-program that will still lock
up a FreeBSD system with the "fix".

If they are indeed still using that fix, they are a sorry lot of
incompetent idiots.

Linus