[320] in linux-security and linux-alert archive
Security Problem with DOSEMU
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Mon Aug 14 06:59:04 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Sat, 12 Aug 1995 20:14:37 +0200 (MET DST)
Cc: deisher@enws261.EAS.ASU.EDU
Hello all,
Matt Welsh just forwarded me another post by Frank Lofaro. Can anyone
confirm or deny this? I don't even understand what his code's doing...
Olaf
------------------------------------------------------------------
> From: ftlofaro@unlv.edu (Frank T Lofaro)
> [1] Serious Linux DOSEMU security hole
> Date: Tue Aug 08 03:10:06 EDT 1995
> Organization: University of Nevada, Las Vegas
> Lines: 21
> Keywords: Linux, DOSEMU, security hole
>
> There is a SERIOUS security hole in Linux DOSEMU!
>
> Even with the administrator turning off all port access, users can
> ACCESS ANY PORT THEY WANT! READ/WRITE! Thus can hose things, reboot,
> etc.
>
> Here's how:
>
> mov ax, 3
> mov bx, start_port
> mov cx, number_of_ports
> set carry to get access, clear to reliquish access
> int 0xe6
>
> and there appears to be no way to disable it.
>
> I am posting more detailed info in comp.os.linux.development.system
>
> This one seems worse than the rcently mentioned chfn hole.
>
> ObHack: Finding this security hole when idly perusing the DOSEMU source!
>
>
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
