This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Serious Linux DOSEMU security hole
Article: 8409 of alt.hackers From: ftlofaro@unlv.edu (Frank T Lofaro) Newsgroups: alt.hackers Subject: Serious Linux DOSEMU security hole Date: 8 Aug 1995 07:10:06 GMT Organization: University of Nevada, Las Vegas Lines: 21 Approved: Communications_Decency_Enforcement@cda.fcc.gov Message-ID: 4072ke$7h3@news.nevada.edu NNTP-Posting-Host: pioneer.nevada.edu Keywords: Linux, DOSEMU, security hole Status: RO
There is a SERIOUS security hole in Linux DOSEMU! Even with the administrator turning off all port access, users can ACCESS ANY PORT THEY WANT! READ/WRITE! Thus can hose things, reboot, etc. Here's how: mov ax, 3 mov bx, start_port mov cx, number_of_ports set carry to get access, clear to reliquish access int 0xe6 and there appears to be no way to disable it. I am posting more detailed info in comp.os.linux.development.system This one seems worse than the rcently mentioned chfn hole. ObHack: Finding this security hole when idly perusing the DOSEMU source!