Date: Wed, 12 Nov 97 10:15 PST From: Randy Bush <randy@psg.com> gated does not have that illegal instruction sequence in it. compilers don't generate it. httpd does not have the sequence. Even on closed systems, the exposed daemons (sendmail/smap, httpd, gated, inetd) can not be safely said to not have buffer overflow holes, as new ones are found periodically. What this means is that anyone can overflow a buffer into stack space and pop code in in place of a return.... whereas the threat profile this used to present was that someone could go through all sorts of gyrations, upload a tiny exploit to hack root, etc., the threat profile it now presents is quite a bit more serious -- they now have the functional equivalent of a user-mode "halt" instruction. While you used to be fairly safe if you ran smap (for instance; i don't know of any specific holes in smap) in a chrooted jail, now that defense doesn't stop some punk from kicking your butt offline. While I'd rather see this thread continued in more appropriate fora, I observe that Intel hardware has found its way into my infrastructure (and I'd suspect the infrastructure of even some large ISPs) because its excellent price-performance figures allow us to swallow our pride (and distaste at certain aspects of the architecture) and deploy them in a production environment. Because of the potential operational impact of this misfeature, I must concede that nanog is not a wholly inappropriate forum for this discussion and I must politely disagree with my esteemed colleague from Washington State. ;-) ---Rob