Date: Fri, 12 Dec 1997 05:48:30 GMT
From: jak@cetlink.net (John Kelly)
To: hackers@FreeBSD.org
Subject: (fwd) Re: F00F bug *fixed* in 2.0.x kernels
Message-ID: <3491cfe3.6774010@mail.cetlink.net>
On 8 Dec 1997 23:11:24 GMT, in comp.os.linux.development.system torvalds@transmeta.com (Linus Torvalds) wrote:

In article <vc7u3cjttap.fsf@saturn.cs.uml.edu>, Albert D. Cahalan <acahalan@saturn.cs.uml.edu> wrote:
>Jerry Hicks <wghhicks@ix.netcom.com> writes:
>
>> Wrong again Albert...
>
>Nope, you are wrong. This method is a _third_ solution.
>
>>>> My ``fix'' is to have the IDT descriptor reference a segment
>>>> which has a length of 0. This has the effect of mapping SIGILL
>>>> into SIGBUS, so that the `cmpxchg8' crash now generates a Bus
>>>> error. (I didn't bother returning the correct signal; it can
>>>> probably be added if it is important)

This is indeed the "FreeBSD fix".

The so-called "fix" doesn't work (it appears to, for simple exploits, but it doesn't), and I _told_ some FreeBSD people so: I even sent people a test-program that will still lock up a FreeBSD system with the "fix".

If they are indeed still using that fix, they are a sorry lot of incompetent idiots.

Linus