bing@galbp.LBP.HARRIS.COM (Bing Bang) (04/07/88)
We have just found a interesting bug in our exec system call and was wondering if any of you came across the same bug. We are working with a modified XENIX 3.0 kernel. The bug is that exec allocates a swap device page to build the args list for the program to be exec'd, but if at that moment a program opens and closes /dev/swap (like ps), that will cause the buffers for the swap device to be marked invalid. Then later on comes exec, trys to read back the arg list, but the buffer is marked invalid (still in the write que), so exec then reads garbage from the swap device and uses it as the args and the exec'd program does unpredictable acts of terrorism. I was wondering if this is a known problem, and if it has been fixed. We fixed it by addibg another bit to the struct buf. Is this a good fix? I'd appreciate mailed replies, as I seldom read news. thanks in advance -- Bing H. Bang +------------------------------------+ Harris/Lanier |Real Programmers Do Not Work For ibm| Atlanta GA +------------------------------------+