Исходное сообщение
"Линус Торвальдс столкнулся с дилеммой: устранение..." Отправлено arisu, 26-Янв-15 11:27
>>>>> No, we are not doing anything undocumented. [...] «Tracked this down to something else actually.. we were requesting an LDT slot in a seperate call with an otherwise-zeroed user_desc. This is apparently now illegal.» oops. and: «as the offending kernel developer, I can explain my agenda :) I was chasing down some really nasty segmentation-related issues (CVE-2014–9090, CVE-2014–9322, and others), and, in the process, I discovered that set_thread_area could be abused to do things that it was never intended to allow, and that some of those things were actively dangerous.» … «Unfortunately, I didn't realize that bzeroing a struct user_desc and passing it into set_thread_area would have worked in the past and now would fail.» … «Actually, you were successfully running the first part of a kernel exploit, as the all-zero user_desc corresponds to a descriptor that, due to a really old design error on Intel's part, causes problems in the GDT. Congrats! The next step in the exploit would be to load the corresponding selector into SS and do an int 80 or otherwise trap into the kernel by any means other than a fast system call. So I either had to block the exploit on exit from the kernel, which would slow everything down and add a bunch of complexity, or I had to change set_thread_area.» oops. this WAS undocumented and very arch-specific. oops.

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:
	Введите код, изображенный на картинке: