[rc5] Win32 GUI client is a trojan?

Joseph Fisk joe at rm405n-a.roberts.fit.edu
Sun Nov 9 15:26:04 EST 1997


On Sun, 9 Nov 1997, Tim Charron wrote:

> Agreed.  However, it wouldn't be unreasonable to ask your sysadmin to 
> set up a unix account that had basically no access to anything.  It 
> would allow rc5 to be run on that machine, and there would be no 
> possibility for malicious activity.

On a related topic, a new P5 bug has been discovered.  Look at
www.news.com for vague info.

If you want _specific info:  There is an unprotected instruction on the
P5, 0x0ff0c7c8, which will lock it hard.

In other words, ANY user on ANY P5 system can bring it down simply by
executing the instruction.

Example source:

long main[] = { 0xc8c70ff0 };


This is not dependent on the OS or any other factor; it's a P5 bug.

The point, in this case anyway, is that a client with this instruction
could affect a system even with no other priveledges.

Joseph

**************************************************************************
** C. Joseph Fisk (mdmbkr)                           mdmbkr at chillin.org **
** Visit http://www.distributed.net - the world's fastest supercomputer **
**************************************************************************


----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list