[Fwd: [EROS-Arch] EROS security bug]

Jonathan S. Shapiro shap@cs.jhu.edu
Tue, 13 Mar 2001 07:49:31 -0500


Charlie:

Could you try to get into the habit of sending these to eros-arch? I'd
really like them archived. If we don't want to clutter eros-arch, I'd
be happy to create eros-bug, but eros-bug will get created anyway when
bugzilla comes online.  I'm hopeful that we'll get the mysql database
installed by Wednesday, and bugzilla by end of week.

Jonathan

"Jonathan S. Shapiro" wrote:
> 
> A segment selector of zero indicates a "null" segment, which is always a
> valid value but not usually a value that will allow the program to make
> progress. The bug was that the sa_IsKernel test wasn't checking for the
> zero value correctly, and therefore was dispatching the process on the
> "it's a kernel process" mis-theory.
> 
> Your test case now generates a segment fault, which is puzzling, because
> it should probably generate a bad segment register value. I need to look
> into this further.
> 
> Jonathan
> 
> Charles Landau wrote:
> >
> > I don't understand the x86 memory architecture and I'm not sure I want
> > to learn. Your fix continues to accept a zero CS, and apparently
> > that's OK. So there was only one bug.
> >
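
The failure mode described in the quoted message, as an added example that is not part of the original thread and is not EROS code: a privilege test that looks only at a selector's RPL bits accepts the null selector as kernel-mode, because zero has RPL 0. The function names and the RPL-only form of the flawed test are assumptions; the thread does not show the original sa_IsKernel code, and the sample selector values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 selector layout: bits 0-1 = RPL, bit 2 = TI (0 = GDT), bits 3-15 = index. */
#define SEL_RPL(s) ((unsigned)(s) & 0x3u)

enum sel_class { SEL_NULL, SEL_KERNEL, SEL_NONKERNEL };

/* GDT entry 0 is the null descriptor, so 0x0000-0x0003 are all null selectors. */
static bool sel_is_null(uint16_t sel) { return (sel & 0xFFFCu) == 0; }

/* Assumed flawed form: RPL 0 alone is read as "kernel", so selector 0 passes. */
static bool is_kernel_naive(uint16_t sel) { return SEL_RPL(sel) == 0; }

/* Hardened form: reject the null selector before looking at the RPL. */
static bool is_kernel_checked(uint16_t sel)
{
    return !sel_is_null(sel) && SEL_RPL(sel) == 0;
}

/* Three-way classification so callers can treat null as its own case. */
static enum sel_class classify(uint16_t sel)
{
    if (sel_is_null(sel))
        return SEL_NULL;
    return SEL_RPL(sel) == 0 ? SEL_KERNEL : SEL_NONKERNEL;
}

int main(void)
{
    /* Constructed samples: null, GDT index 1 / RPL 0, GDT index 3 / RPL 3. */
    const uint16_t samples[] = { 0x0000, 0x0008, 0x001B };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sel=0x%04x naive=%d checked=%d class=%d\n",
               (unsigned)samples[i], is_kernel_naive(samples[i]),
               is_kernel_checked(samples[i]), (int)classify(samples[i]));
    return 0;
}
```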