> > ObBugQ: Anyone know just what the SPARC integer divide bug is? I've
> got copies of the relevant kernel .o files both before and after the
> patch, but haven't gotten around to disassembling and uncompiling
> enough to figure out what's wrong yet.

It's a bug that shows up in OS after OS...something similar was found during the development of Multics and fixed then, according to the accounts I read. It reappeared in SunOS, I suspect, because of engineers who aren't taught history, security, or good testing methods, and who think that Unix is synonymous with "operating systems." It's an example of why the "bug of the week" approach to getting better security won't ever solve our problems.

Oh, the nature of the bug? The long divide is not in hardware on some SPARC chips; the OS does an emulation trap. The code there verifies the level of user privilege for storing the quotient in the given address, but fails to verify the privileges for the remainder address. As the emulation trap is processed in a privileged state, it gets to store arbitrary remainders into arbitrary addresses selected by the user.

You cannot fix it without source code or the vendor patch. You can't monitor the logs for someone trying to exploit it, either (if they're halfway careful about it).

--spaf
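
Added example, not part of the original message and not SunOS code: a toy C model of the flaw described above, where a privileged emulation handler verifies the quotient destination but not the remainder destination, beside a handler that verifies both before storing. The flat memory layout, `mapped`, `user_can_write`, `peek`, `poke` and both handler names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model, not SunOS code: one flat memory whose low
 * half is user-writable and whose high half is kernel-only. */
#define MEM_WORDS  16
#define USER_LIMIT 8
static uint32_t mem[MEM_WORDS];
static int mapped(size_t a)         { return a < MEM_WORDS; }
/* Hypothetical check a privileged handler must apply to every
 * user-supplied destination before it stores there. */
static int user_can_write(size_t a) { return a < USER_LIMIT; }
uint32_t peek(size_t a)             { return mem[a]; }
void     poke(size_t a, uint32_t v) { mem[a] = v; }

/* Flawed handler as described: only the quotient address is verified. */
int emul_div_flawed(uint32_t n, uint32_t d, size_t q, size_t r)
{
    if (d == 0 || !mapped(q) || !mapped(r) || !user_can_write(q))
        return -1;
    mem[q] = n / d;
    mem[r] = n % d;   /* privileged store to an unverified address */
    return 0;
}

/* Corrected handler: verify both destinations before any store. */
int emul_div_checked(uint32_t n, uint32_t d, size_t q, size_t r)
{
    if (d == 0 || !mapped(q) || !mapped(r) ||
        !user_can_write(q) || !user_can_write(r))
        return -1;    /* fault; nothing has been written */
    mem[q] = n / d;
    mem[r] = n % d;
    return 0;
}

int main(void)
{
    int rc;
    poke(12, 0xAAAA);                 /* constructed kernel-only word */
    rc = emul_div_flawed(17, 5, 0, 12);
    printf("flawed:  rc=%d mem[12]=%#x\n", rc, (unsigned)peek(12));
    poke(12, 0xAAAA);
    rc = emul_div_checked(17, 5, 0, 12);
    printf("checked: rc=%d mem[12]=%#x\n", rc, (unsigned)peek(12));
    return 0;
}
```

The checked handler validates every destination before the first store, so a rejected request leaves memory untouched rather than half-written.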