Re: New pentium bug workaround - please test..

Pavel Machek (pavel@Elf.mj.gts.cz)
Wed, 19 Nov 1997 12:00:29 +0100


> Hi!

> The new workaround actually depends on the Intel bug not only forgetting
> to clear the "lock" state of the instruction, it also forgets to clear the
> fact that the instruction tries to do a read-modify-write cycle. So it
> will not only do the IDT access as a locked cycle, it will do it as a
> locked cycle that requires write permissions..

Is it possible to abuse this bug (or something similar) to actually
*WRITE* something into the IDT? For now, we have a DoS attack on the Pentium;
writing there would (maybe) give you Ring 0, which means root, which
means a hacked machine...
Pavel

PS: Fortunately I've an AMD486 ;-).

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
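The quoted explanation says the workaround relies on the buggy locked cycle being a read-modify-write that needs write permission, so an IDT placed on a read-only page faults instead of hanging the CPU. The following is an added user-space analogue of that idea, not code from the original message or from the kernel patch being discussed: a constructed 8-byte-per-entry "descriptor table" is placed on one page, the page is made read-only with mprotect(), and the example checks that a plain read still works while a write to the same entry raises SIGSEGV (caught with siglongjmp) and leaves the entry intact. The table contents and the choice of entry 6 are arbitrary placeholders; a real IDT, its descriptor format and the kernel's fault handler are not modelled.

```c
// Added example (not from the original message or the kernel patch):
// user-space analogue of mapping a table read-only so that writes fault.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_count;

/* SIGSEGV handler: count the fault and unwind back to sigsetjmp(). */
static void segv_handler(int sig) {
    (void)sig;
    fault_count++;
    siglongjmp(fault_env, 1);
}

/* Map one page, fill it with constructed placeholder "descriptors"
 * (0x1000 + index), then make the page read-only. Returns NULL on failure. */
static uint64_t *make_readonly_table(size_t *page_size_out) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return NULL;
    void *p = mmap(NULL, (size_t)ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    uint64_t *table = p;
    size_t entries = (size_t)ps / sizeof(uint64_t);
    if (entries > 256) entries = 256;        /* an IDT has at most 256 vectors */
    for (size_t i = 0; i < entries; i++)
        table[i] = 0x1000 + i;               /* constructed placeholder value */
    if (mprotect(p, (size_t)ps, PROT_READ) != 0) {
        munmap(p, (size_t)ps);
        return NULL;
    }
    *page_size_out = (size_t)ps;
    return table;
}

/* Returns 1 if reading entry 6 succeeds, writing it faults exactly once,
 * and the entry is unchanged afterwards; 0 on any other outcome. */
int readonly_table_write_faults(void) {
    size_t ps;
    uint64_t *table = make_readonly_table(&ps);
    if (!table) return 0;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = segv_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    if (sigaction(SIGSEGV, &sa, &old) != 0) {
        munmap(table, ps);
        return 0;
    }

    volatile uint64_t *entry = &table[6];    /* arbitrary entry to probe */
    int read_ok = (*entry == 0x1006);        /* read access is still allowed */
    int faulted = 0;
    fault_count = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *entry = 0xdead;                     /* write to read-only page: faults */
    } else {
        faulted = 1;                         /* arrived here via siglongjmp */
    }
    sigaction(SIGSEGV, &old, NULL);
    int still_intact = (*entry == 0x1006);   /* the faulting write changed nothing */
    munmap(table, ps);
    return read_ok && faulted && still_intact && fault_count == 1;
}

int main(void) {
    printf("read-only table write faults: %s\n",
           readonly_table_write_faults() ? "yes" : "no");
    return 0;
}
```

The point for the question asked in the message: with the table on a read-only mapping, a write (including a locked read-modify-write cycle on the real hardware) cannot silently land in the table; it becomes a fault that the kernel gets to handle. Whether a given processor erratum could bypass the permission check is a separate hardware question this user-space demo cannot answer.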