[EROS-Arch] EROS security bug
Charles Landau
clandau@macslab.com
Fri, 09 Mar 2001 21:51:19 -0800
OC_Process_Swap(ProcPCandSP) allows you to write any value to the CS and
SS registers, including any Current Privilege Level. tests/func/memmap
is a new test that crashes at
http://www.eros-os.org/eros-src/sys/arch/i486/kernel/IntTrap.cxx#188 as
a result.
Jonathan, I don't know what your preference would be to fix this. I know
you wanted to keep the ProcPCandSP slot exposed for some reason. It
would be simple enough to force the CS and SS to safe values. It would
also be simple to disallow writing to this slot and force the user to
use OC_SetRegs32 to write the PC and SP.