Message-ID: <200307091822.h69IM1Ie023114@haackey.com>
From: neeko at haackey.com (Neeko Oni)
Subject: OS X Screensaver cause..

RE: OS X screensaver..

I feel like I'm beating a dead horse here, folks, as it seems like everyone is
taking this problem far too seriously (there are limits) but..
It doesn't look like a buffer overflow at all, really.  Limited poking with
gdb and ktrace make it look like a memory allocation problem.
Few notes..
It takes me two tries to crash the screensaver on my 12" 10.2.6 (128mb) iBook.
First try, the pretty swirly graphical part dies and is reduced to an entirely
black background.  The second time I'm dropped out of the screensaver and onto 
the desktop.  
A minor dump from ktrace:
--
   551 ScreenSaverEngin GIO   fd 2 wrote 44 bytes
       "*** malloc[551]: error for object 0xf00b00: "
   551 ScreenSaverEngin RET   write 44/0x2c
   551 ScreenSaverEngin CALL  write(0x2,0x900d409c,0x6a)
   551 ScreenSaverEngin GIO   fd 2 wrote 106 bytes
       "Incorrect checksum for freed object - object was probably modified aft\
        er being freed; break at szone_error"
--
Filling the box with 'A's (on the second try, with the black background) and 
watching with gdb gives us a lot of..
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90004288 in free_list_remove_ptr ()
(gdb) next
Single stepping until exit from function free_list_remove_ptr, 
which has no line number information.

Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90004288 in free_list_remove_ptr ()
(gdb) 
And so on, and so forth.  This goes on for a while, holding down enter
for a few minutes and it keeps going.. yawn.
--
Oh well, anyone else want to contribute something besides "Confirmed on xMac
10.2.xx!!!!" or silly unfounded comments about the cause (or security in
general)?  Please do.

Apple, I've a newly found love for you.  Please give us a patch so the
FUD-spreading never-used-OS-X-'bcuz'-'MAcsRGheyDood!' flamers will go away.

.Neeko 

[Shpx Ohtgend :/]
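The ktrace output above shows the allocator itself catching the problem ("Incorrect checksum for freed object - object was probably modified after being freed"). As an added illustration, not part of the original message or of Apple's allocator, here is a minimal C quarantine that records a checksum of each freed block and reports any block that was written to after its free; every name in it is constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed example: freed blocks are parked in a small quarantine with a
 * checksum of their contents instead of going straight back to the system. */
#define QUARANTINE_SLOTS 8
struct freed_object { unsigned char *ptr; size_t size; uint32_t checksum; };
static struct freed_object quarantine[QUARANTINE_SLOTS];
static size_t quarantine_used;

/* FNV-1a over the block; any byte written after the free changes it. */
static uint32_t block_checksum(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Poison the block, checksum it and park it. Returns 0, or -1 when the
 * quarantine is full (the caller then still owns the block). */
int guarded_free(void *p, size_t n) {
    if (quarantine_used == QUARANTINE_SLOTS) return -1;
    memset(p, 0x55, n);
    quarantine[quarantine_used].ptr = p;
    quarantine[quarantine_used].size = n;
    quarantine[quarantine_used].checksum = block_checksum(p, n);
    quarantine_used++;
    return 0;
}

/* Recheck every parked block (the allocator's "Incorrect checksum for freed
 * object" test), release them all, and return how many had been modified. */
size_t check_freed_objects(void) {
    size_t corrupted = 0;
    for (size_t i = 0; i < quarantine_used; i++) {
        if (block_checksum(quarantine[i].ptr, quarantine[i].size)
            != quarantine[i].checksum)
            corrupted++;
        free(quarantine[i].ptr);
    }
    quarantine_used = 0;
    return corrupted;
}

/* Demo: a stale pointer is written after guarded_free; the check catches it. */
size_t demo_write_after_free(void) {
    char *stale = malloc(32);
    guarded_free(stale, 32);
    stale[0] = 'A';
    return check_freed_objects();  /* returns 1 */
}
```

A real allocator runs the same comparison when it later reuses the chunk, which is why the error surfaces inside free-list code such as free_list_remove_ptr rather than at the faulty write.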

