Re: [Fwd: NOTE: Solaris 7 gotcha for some ultras]

solarFALSE.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Roman Drahtmueller: "Re: world-readable shadow backups in SuSe 5.2"
• Previous message: Soren Spies: "Re: Netscape "What's Related" (summary)"
• In reply to: Alan Cox: "Re: [Fwd: NOTE: Solaris 7 gotcha for some ultras]"
• Next in thread: Tabor J. Wells: "Re: [Fwd: NOTE: Solaris 7 gotcha for some ultras]"

Disclaimer: Everything I'm saying below is pure speculation. I'll appreciate
any corrections.

> If they worked around it I'd be more impressed, if they shipped replacement
> CPU's I'd be even more impressed still. The ultrasparc was advertised as
> a 64bit CPU, people did buy them on that basis.

This brings me to a question: what's so special about the 64-bit mode in
the kernel that makes this bug exploitable? It's a user space instruction
that crashes the system, right? We were able to use 64-bit operations on
Solaris 2.5 (well, I did on a 2.5.1) with hand-written assembly. (Top 32
bits of some of the registers were getting lost at context switches.)

So, I see two possibilities: either the bug is in fact still exploitable
in 32-bit mode, too (but possibly not by a C source), or it is related to
one of the following:

1. Full 64-bit virtual addresses.
2. Register windows.
3. Are there any other possibilities?

It is entirely possible that I'm missing something here. It would be nice
if someone from Sun could clarify which property of the 64-bit support in
the kernel makes this bug unexploitable.

Signed,
Solar Designer

• Next message: Roman Drahtmueller: "Re: world-readable shadow backups in SuSe 5.2"
• Previous message: Soren Spies: "Re: Netscape "What's Related" (summary)"
• In reply to: Alan Cox: "Re: [Fwd: NOTE: Solaris 7 gotcha for some ultras]"
• Next in thread: Tabor J. Wells: "Re: [Fwd: NOTE: Solaris 7 gotcha for some ultras]"