[EROS-Arch] EROS security bug
Jonathan S. Shapiro
shap@cs.jhu.edu
Tue, 13 Mar 2001 11:33:09 -0500
It shouldn't be continuing after the segment fault. Is a different
process getting the seg fault than the one that has the 0 CS value?
Charles Landau wrote:
>
> "Jonathan S. Shapiro" wrote:
>
> > A segment selector of zero indicates a "null" segment, which is always a
> > valid value but not usually a value that will allow the program to make
> > progress. The bug was that the sa_IsKernel test wasn't checking for the
> > zero value correctly, and therefore was dispatching the process on the
> > "it's a kernel process" mis-theory.
> >
> > Your test case now generates a segment fault, which is puzzling, because
> > it should probably generate a bad segment register value. I need to look
> > into this further.
>
> The segment fault is correct; it's referencing a nonexistent address. If
> you continue from there, the test case will write a null CS, and the
> process (at OID 0x101) will get a GP fault. Whether that's the expected
> behavior, I don't know.
>
> > Charles Landau wrote:
> > >
> > > I don't understand the x86 memory architecture and I'm not sure I want
> > > to learn. Your fix continues to accept a zero CS, and apparently
> > > that's OK. So there was only one bug.
> > >
>
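
Added illustration, not part of the original thread and not EROS source: on x86 the low two bits of a segment selector are the requested privilege level, so the null selector (0) carries RPL 0, and a kernel test that looks only at those bits would classify a zero CS as a kernel selector. The function names, the RPL-only form of the test, and the sample selector values are assumptions made for the example; the thread does not show the actual sa_IsKernel code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 selector layout: bits 0-1 = RPL, bit 2 = TI (0 GDT, 1 LDT), bits 3-15 = index. */
static unsigned sel_rpl(uint16_t sel)   { return sel & 0x3u; }
static unsigned sel_ti(uint16_t sel)    { return (sel >> 2) & 0x1u; }
static unsigned sel_index(uint16_t sel) { return sel >> 3; }

/* A selector is null when it names GDT entry 0, whatever its RPL (values 0..3). */
static bool sel_is_null(uint16_t sel) { return (sel & ~0x3u) == 0; }

/* Hypothetical weak test: any selector with RPL 0 is taken to be a kernel selector. */
static bool is_kernel_rpl_only(uint16_t cs) { return sel_rpl(cs) == 0; }

/* Hypothetical checked test: the null selector is excluded before RPL is examined. */
static bool is_kernel_checked(uint16_t cs)
{
    return !sel_is_null(cs) && sel_rpl(cs) == 0;
}

typedef enum { CS_NULL, CS_KERNEL, CS_USER } cs_class;

/* Three-way classification so callers can treat a null CS as its own case. */
static cs_class classify_cs(uint16_t cs)
{
    if (sel_is_null(cs))
        return CS_NULL;
    return sel_rpl(cs) == 0 ? CS_KERNEL : CS_USER;
}

int main(void)
{
    /* Constructed sample selectors for the demonstration, not values from EROS. */
    const uint16_t samples[] = { 0x0000, 0x0003, 0x0008, 0x001B };
    static const char *names[] = { "null", "kernel", "user" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t cs = samples[i];
        printf("cs=0x%04x index=%u ti=%u rpl=%u rpl_only=%d checked=%d class=%s\n",
               (unsigned)cs, sel_index(cs), sel_ti(cs), sel_rpl(cs),
               is_kernel_rpl_only(cs), is_kernel_checked(cs),
               names[classify_cs(cs)]);
    }
    return 0;
}
```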