From owner-FreeBSD-users-jp@jp.FreeBSD.org Wed Oct 25 17:51:16 2006
From: NAKAMURA Takeshi <1yen@sh.rim.or.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <453F0C09.1060507@cty-net.ne.jp>
References: <20061025141425.2A41.1YEN@sh.rim.or.jp> <453F0C09.1060507@cty-net.ne.jp>
X-Mailer-Plugin: BkASPil for Becky!2 Ver.2.068
Message-Id: <20061025164521.2A47.1YEN@sh.rim.or.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.27 [ja]
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 25 Oct 2006 17:50:48 +0900
X-Sequence: FreeBSD-users-jp 90113
Subject: [FreeBSD-users-jp 90113] Re: How do I make it dump core?
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: 1yen@sh.rim.or.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+060209

$BCgB<$G$9(B

 $B$=$&$$$($P!"(Bsigaction $B$H$+;H$C$F=q$3$&$H$7$F:C@^$7$?5-21$,$"$j$^$9(B...
# C$B8@8l$O:C@^$7$?5-21$7$+$"$j$^$;$s(B($B>P(B)

 grep $B$7$F8+$F$_$k$H(B SIG_register $B$H$$$&(B wrap $B4X?t$G(B SIGABRT, SIGHUP, SIGINT, SIGQUIT, SIGPIPE, SIGTERM
$B$"$?$j$r=&$C$F$$$k$_$?$$$G$9$,!"(BSIGSEGV $B$O=&$C$F$J$$$G$9$M!#(B

cvsnt $B$N(B source $B$r(B grep $B$7$F$_$?$H$3$m!"(B
% grep -r SIGSEGV .
./plink/putty/unix/pty.c:                   putty_signal(SIGSEGV, fatal_sig_handler);

 $B=&$C$F$J$5$=$&$G$9$M$'!#(B
(plink $B$O(B ssh $B$H$+(B telnet, rsh $B$N%/%i%$%"%s%H$K$J$k0Y$G!"(B
 $B$-$C$H(B pserver $B$K$O;H$o$l$F$$$J$$$O$:!#(B)



1. inetd $B$+$i5/F0$5$l$k%/%i%$%"%s%H$O(B core $B$rEG$/!)(B
   core $B$rEG$/%W%m%0%i%`$r(B inetd $B$KEPO?!#(B
   telnet $B$G7R$0(B ==> kernel: pid 69060 (a.out), uid 0: exited on signal 11 (core dumped)
   / $B$K(B core $B$rEG$-$^$7$?!#(B core dumped $B$HI=<($5$l$F$^$9$M$'(B...

  #include <stdio.h>
  main()
  {
    char *p;
    p = (char *)65536; /* $BMn$A$l$P$$$$$N$GBg$-$a$N?t;z$rE,Ev$K(B */

    printf("%s\n",p);
  }


2. setuid $B$9$k(B $B%W%m%0%i%`$O(B core $B$rEG$/$N$+!)(B
    ==> kernel: pid 69141 (a.out), uid 1001: exited on signal 11
   core $B$OEG$-$^$;$s$G$7$?!#(B 
   $B$3$3$G!"(Bcore $B$rEG$/$h$&$K(B OS $B$r@_Dj$G$-$l$P$$$$$H;W$&$N$G$9$,(B...

  #include <stdio.h>
  #include <sys/types.h>
  #include <unistd.h>
  main()
  {
    char *p;
    p = (char *)65536;

    setuid((uid_t) 1001);
    printf("%s\n",p);
  }


 $B2?$+!"<j$O$J$$$G$7$g$&$+!#(B
# $BF0$$$F$$$k%W%m%;%9$K(B gdb $B$+$i(B atach $B$7$F$b(B detach $B$5$l$^$9$7(B...

On Wed, 25 Oct 2006 16:02:33 +0900,
 Kouji Ito <kouji@cty-net.ne.jp> wrote:

>>  $B$&!A$s!#(Bcvsnt $B$,<+J,$G(B core $B$rEG$+$J$$$h$&$K$7$F$$$k$N$@$m$&$+!)(B
> 
> $B$"!<!"$=$&$+$b!#(B
> signal 11 $B$r<+J,$GJa$^$($F!"(Bexit() $B$7$F$k$H(Bcore$BEG$+$J$$$+$b!#(B
----+----1----+----2----+----3----+----4----+----5----+----6----+----7----+
 $B4X@>2-Fl$N=8$$(B $B$,$8$^$k$N2q(B $B<jEA$$(B $B0l?M$@$1$N>!<j$K?@F`@n;YIt(B
 $BCgB<(B $BIp(B <1yen@sh.rim.or.jp>

