Message-ID: <5a20704e0705250357j3b45e0dpb6d3d0d907af4da3@mail.gmail.com>
Date:	Fri, 25 May 2007 06:57:33 -0400
From:	"In Cognito" <defend.the.world@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: ptrace still broken- PTRACE_CONT trap flag, and debug state

Hello,

int main(void)
{
    /* Save EFLAGS on the stack and restore it: when "pushf" is
       single-stepped, the pushed image carries TF set, and "popf"
       then reloads it. */
    __asm__("pushf\n\t"
            "popf\n\t");
    return 0;
}

Single stepping through the "pushf" instruction and then attempting to
PTRACE_CONT will generate SIGTRAPs at each instruction. Although the
trap flag appears to not be set according to GETREG values, the pushf
will push a value with the TF bit on, which is then restored with
popf...

Here's an example of single stepping on a 2.6.8 and the trap flag
(uppercase letter means enabled):

8048351: push %ecx.
  eax=bffff7cc ebx=40146adc ecx=bffff740 edx=00000001
  esi=bffff7c4 edi=bffff750 ebp=bffff728 esp=bffff724
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id]

8048352: pushf .
  eax=bffff7cc ebx=40146adc ecx=bffff740 edx=00000001
  esi=bffff7c4 edi=bffff750 ebp=bffff728 esp=bffff720
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id]

8048353: popf .
  eax=bffff7cc ebx=40146adc ecx=bffff740 edx=00000001
  esi=bffff7c4 edi=bffff750 ebp=bffff728 esp=bffff724
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id]

8048354: pop %ecx.
  eax=bffff7cc ebx=40146adc ecx=bffff740 edx=00000001
  esi=bffff7c4 edi=bffff750 ebp=bffff728 esp=bffff728
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id]


and a 2.6.20

8048351: push %ecx.
  eax=bfcff654 ebx=b7f52ff4 ecx=bfcff5d0 edx=00000001
  esi=b7f80ce0 edi=00000000 ebp=bfcff5b8 esp=bfcff5b4
  flags= [c] [P] [a] [z] [S] [t] [I] [df] [id] 286

8048352: pushf .
  eax=bfcff654 ebx=b7f52ff4 ecx=bfcff5d0 edx=00000001
  esi=b7f80ce0 edi=00000000 ebp=bfcff5b8 esp=bfcff5b0
  flags= [c] [P] [a] [z] [S] [t] [I] [df] [id] 286

8048353: popf .
  eax=bfcff654 ebx=b7f52ff4 ecx=bfcff5d0 edx=00000001
  esi=b7f80ce0 edi=00000000 ebp=bfcff5b8 esp=bfcff5b4
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id] 386

8048354: pop %ecx.
  eax=bfcff654 ebx=b7f52ff4 ecx=bfcff5d0 edx=00000001
  esi=b7f80ce0 edi=00000000 ebp=bfcff5b8 esp=bfcff5b8
  flags= [c] [P] [a] [z] [S] [T] [I] [df] [id] 386

I'm not sure where along the line this was broken but it looks like
there were more than a few changes...