Informationen zu 'crashme' ???
Christoph Eckert
bin kuerzlich auf ein prograemmchen namens 'crashme' (getarnt
als 'mailx' :-) gestossen...
es handelt sich dabei um version 1.4 vom 29.august 1991.
author ist ein herr namens George J. Carrette.
habs mal unter uid=test gid=user ohne argumente aufgestartet.
resultat: crashme <nbytes> <srand> <ntrys> [nsub]
mal soviel. kennt jemand das programm und seinen genauen zweck?
gruss
Christoph Eckert, XGP-CH
--
Chris Eckert, XGP Switzerland
Internet E-Mail: ch...@ixgch.imp.com
Phone (voice): +41-61 8115635 / Phone (data): +41-61 8115492 (-V.22bis)
Slogan: "The only thing human beings master perfectly is KILLING." (F.Zappa)
& Remember: I have to pay for every single bit of mail data!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++ 700 Years Confoederatio Helvetica - A Reason to celebrate. +++++++
+++++++++++++++++++ All ludicrous grousers: Give up!!! +++++++++++++++++++
Frank Kaefer
|bin kuerzlich auf ein prograemmchen namens 'crashme' gestossen
|es handelt sich dabei um version 1.4 vom 29.august 1991.
|kennt jemand das programm und seinen genauen zweck?
Das Prograemmchen ist recht simpel und daher gerade so genial.
Hier ein Auszug aus dem Prgramm, der erklaert, wie es funktioniert:
-----------------------------------------------------------------------------
A signal handler is set up so that in most cases the machine exception
generated by the illegal instructions, bad operands, etc in the procedure
made up of random data are caught; and another round of randomness may
be tried. Eventually a random instruction may corrupt the program or
the machine state in such a way that the program must halt. This is
a test of the robustness of the hardware/software for instruction
fault handling.
Note: Running this program just a few times, using total CPU time of
less than a few seconds SHOULD NOT GIVE YOU ANY CONFIDENCE in system
robustness. Having it run for hours, with tens of thousands of cases
would be a different thing.
-----------------------------------------------------------------------------
Da das Programm so kurz ist, hier ein Repost der aktuellen Version.
Gruss,
Frank.
#!/bin/sh
# This is a shell archive (produced by shar 3.49)
# To extract the files from this archive, save it to a file, remove
# everything above the "!/bin/sh" line above, and type "sh file_name".
#
# made 10/13/1991 10:52 UTC by fkk@stasys
# Source directory /sd2/pub
#
# existing files will NOT be overwritten unless -c is specified
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 2430 -rw-r--r-- crashme/crashme.1
# 13087 -rw-r--r-- crashme/crashme.c
# 84 -rw-r--r-- crashme/crashme.opt
# 690 -rw-r--r-- crashme/descrip.mms
# 82 -rw-r--r-- crashme/makefile
# 2845 -rw-r--r-- crashme/read.me
#
# ============= crashme/crashme.1 ==============
if test ! -d 'crashme'; then
echo 'x - creating directory crashme'
mkdir 'crashme'
fi
if test -f 'crashme/crashme.1' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/crashme.1 (File already exists)'
else
echo 'x - extracting crashme/crashme.1 (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/crashme.1' &&
.TH CRASHME 1C LOCAL
.SH NAME
crashme \- test operating environment software robustness
.SH SYNOPSIS
.B crashme
[NBYTES] [SRAND] [NTRYS] [NSUB] [VERBOSE]
.SH DESCRIPTION
.I crashme
is a very simple program that tests the operating environment's
robustness by invoking random data as if it were a procedure.
The standard signals are caught and handled with a setjmp back
to a loop which will try again to produce a fault by executing
random data.
X
.RE
.SS COMMAND LINE OPTIONS
.TP 8
.BI [NBYTES]
The
.I [NBYTES]
should be an integer, specifying the size of the random data string
in bytes. If given negative then the bytes are printed instead of
being executed. If given with an explicit plus sign then the
storage for the bytes is freshly malloc'ed each time. This can have an
effect on machines with seperate I and D cache mechanisms.
.TP
.BI [SRAND]
The
.I [SRAND]
is an input seed to the random number generator, passed to srand.
.TP
.BI [NTRIES]
The
.I [NTRIES]
is how many times to loop before exiting normally from the program.
.TP
.BI [NSUB]
The
.I [NSUB] is optional, the number of vfork subprocesses running at once.
If given as negative the number of vfork subprocesses to run, one after
another. If given as a time hrs:mns:scs (hours, minutes, seconds) then
one subprocess will be run to completion, followed by another, until
the time limit has been reached.
X
When in sequential-subprocess mode there is a 3 minute time limit on
each subprocess. This is to allow the instruction-set-space random
walk to continue when a process bashes itself into an infinite loop.
For example, the ntrys can be bashed to a very large number with
nbytes bashed to zero.
X
The SRAND argument is incremented by one for each subprocess.
X
.TP
.BI [VERBOSE]
The
.I [VERBOSE] arg is optional. 0 is the least verbose, 5 the most.
X
.SH EXAMPLE
This is a suggested test, to run it for a least an hour.
X
crashme +2000 666 100 1:00:00
X
.SH FILES
crashme.c
.PD
.SH DIAGNOSTICS
When a signal is caught the number and nature of the signal is indicated.
.SH BUGS
Not all signals are caught, and the state of the user program/process
enviroment can be sufficiently damaged such that the program terminates
before going through all [NTRIES] operations.
X
Beware: This program can crash your computer if the
operating system or hardware of same is buggy. User data may be lost.
.SH AUTHOR
George J Carrette. GJC\@MITECH.COM
.SH VERSION
1.8 27-SEP-1991
SHAR_EOF
chmod 0644 crashme/crashme.1 ||
echo 'restore of crashme/crashme.1 failed'
Wc_c="`wc -c < 'crashme/crashme.1'`"
test 2430 -eq "$Wc_c" ||
echo 'crashme/crashme.1: original size 2430, current size' "$Wc_c"
fi
# ============= crashme/crashme.c ==============
if test -f 'crashme/crashme.c' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/crashme.c (File already exists)'
else
echo 'x - extracting crashme/crashme.c (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/crashme.c' &&
/* crashme: Create a string of random bytes and then jump to it.
X crashme <nbytes> <srand> <ntrys> [nsub] */
X
char *crashme_version = "1.8 27-SEP-1991";
X
/*
X * COPYRIGHT (c) 1990, 1991 BY *
X * GEORGE J. CARRETTE, CONCORD, MASSACHUSETTS. *
X * ALL RIGHTS RESERVED *
X
Permission to use, copy, modify, distribute and sell this software
and its documentation for any purpose and without fee is hereby
granted, provided that the above copyright notice appear in all copies
and that both that copyright notice and this permission notice appear
in supporting documentation, and that the name of the author
not be used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
X
THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
HE BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
X
A signal handler is set up so that in most cases the machine exception
generated by the illegal instructions, bad operands, etc in the procedure
made up of random data are caught; and another round of randomness may
be tried. Eventually a random instruction may corrupt the program or
the machine state in such a way that the program must halt. This is
a test of the robustness of the hardware/software for instruction
fault handling.
X
Note: Running this program just a few times, using total CPU time of
less than a few seconds SHOULD NOT GIVE YOU ANY CONFIDENCE in system
robustness. Having it run for hours, with tens of thousands of cases
would be a different thing.
X
Comments may be addressed to the author at G...@MITECH.COM
X
See the documentation in crashme.1 or read this code for a description
of command line arguments to this program.
X
Version Date Description
----------------------------------------------------------------------
X 1.0 early 1990 initial hack.
X 1.1 19-SEP-1990 added more signals and an alarm to abort looping.
X 1.2 25-JUN-1991 added [nsub] to vfork multiple subprocesses of self.
X 1.3 14-AUG-1991 +nbytes malloc option, and -nsub option.
X 1.4 29-AUG-1991 fix +nbytes (subproc). Add time-driven nprocs. SIGINT.
X 1.5 3-SEP-1991 added alarm subprocess monitor to vfork_main.
X 1.6 5-SEP-1991 some systems don't have vfork, so use fork by default.
X 1.7 25-SEP-1991 verboseness level, exit summary report.
X 1.8 -SEP-1991 address page protection issues on badboy.
X
Suggested test: At least let the thing run the length of your lunch break,
in this case 1 hour, 10 minutes, and 30 seconds.
X
X crashme +2000 666 100 1:10:30 2
X
X
X CRASH REPORTS
X
Date, Machine Crashme Reported
Crashme Ver Make Model OS Version Arguments by:
------------------------------------------------------------------------------
10-JUL-90 1.0 SUN 4/110 4.1 1000 20 200 G...@paradigm.com
10-JUL-90 1.0 SUN 4/280 4.0.3 1000 20 200 G...@paradigm.com
31-JUL-90 1.0 DIGITAL DECstation 3100 100 10 10000 GAV...@ARIZONA.EDU
31-JUL-90 1.0 IBM RT 100 10 10000 GAV...@ARIZONA.EDU
X 1-AUG-90 1.0 DIGITAL DECstation 5000 10000 230 1000 hud...@scri.fsu.edu
X 3-AUG-90 1.0 Alliant FX/2800 S...@SIRIUS.HUT.FI
27-JUN-91 1.2 SUN 4/110 4.1.1 10 1000 10 L...@PARADIGM.COM
27-JUN-91 1.2 SUN 4/110 4.1.1 1000 20 200 10 L...@PARADIGM.COM
29-JUN-91 1.2 SUN 4/40C 4.1.1 9 29748 5877 4 j...@uk.ac.oxford.robots
29-JUN-91 1.2 SUN 4/60 4.1.1 9 29748 5877 4 j...@uk.ac.oxford.robots
29-JUN-91 1.2 SUN 4/100 4.1.1 9 29748 5877 4 j...@uk.ac.oxford.robots
29-JUN-91 1.2 SUN 4/65 4.1.1 9 29748 5877 4 j...@uk.ac.oxford.robots
18-JUL-91 1.2 SGI Iris4d Unix 3.3.2 1000 $$ 1000 4 tsa...@ilog.ilog.fr
29-JUL-91 1.1 IBM RS/6000 AIX 1.3 script bra...@inf.ethz.ch
X 5-SEP-91 1.6 IBM RS/6000-320 AIX 3.1.5 +2000 666 50 40:00:00 LPH
26-SEP-91 1.8 Nixdorf Targon/35 TOS3.3 script pe...@ibr.cs.tu-bs.de
X
Notes: Crashme V1.0 {1000 20 200} used to down the SUN 4/110. V1.2 does *not*
crash SUNOS 4.1.1 on the same arguments. Although using the extra argument
for subprocesses it will crash, with the console reporting:
"Bad Trap, Bad Kernel Read Fault, Bus error. Reboot"
X
Script means invoking file with many calls to crashme such as this:
#/bin/csh
crashme 1020 234 500 &
crashme 394 38484 5723 &
crashme 3784 474 474 &
crashme 437 4747 38 &
crashme 47848 4745 123 &
crashme 4747 4747 3463 &
crashme 474 46464 262 &
crashme 37 3644 3723 &
crashme 374 46464 22 &
crashme 3747 464 363 &
crashme 347 4747 44 &
crashme 37374 374 66 &
crashme 3737 474 4444 &
X
The 4-argument case of crashme could likely do as well as executing
a script.
X
*/
X
X
#include <stdio.h>
#include <signal.h>
#include <setjmp.h>
#include <time.h>
X
#ifdef pyr
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/vmmac.h>
#define strchr index
#endif
X
long nbytes,nseed,ntrys;
long malloc_flag = 0;
unsigned char *the_data;
char *note_buffer;
char *notes;
X
long verbose_level = 5;
X
void note(level)
X long level;
{if (level > verbose_level) return;
X strcat(note_buffer,"\n");
X fputs(note_buffer,stdout);}
X
jmp_buf again_buff;
X
void (*badboy)();
X
unsigned char *bad_malloc(n)
X long n;
{unsigned char *data;
X data = (unsigned char *) malloc(n);
#ifdef pyr
X if (mprotect(((int)data/PAGSIZ)*PAGSIZ, (n/PAGSIZ+1)*PAGSIZ,
X PROT_READ|PROT_WRITE|PROT_EXEC))
X perror("mprotect");
#endif
X return(data);}
X
void again_handler(sig, code, scp, addr)
X int sig, code;
X struct sigcontext *scp;
X char *addr;
{char *ss;
X switch(sig)
X {case SIGILL: ss = " illegal instruction"; break;
X case SIGTRAP: ss = " trace trap"; break;
X case SIGFPE: ss = " arithmetic exception"; break;
X case SIGBUS: ss = " bus error"; break;
X case SIGSEGV: ss = " segmentation violation"; break;
X case SIGIOT: ss = " IOT instruction"; break;
X case SIGEMT: ss = " EMT instruction"; break;
X case SIGALRM: ss = " alarm clock"; break;
X case SIGINT: ss = " interrupt"; break;
X default: ss = "";}
X sprintf(notes,"Got signal %d%s",sig,ss);
X note(5);
X longjmp(again_buff,3);}
X
set_up_signals()
{signal(SIGILL,again_handler);
X signal(SIGTRAP,again_handler);
X signal(SIGFPE,again_handler);
X signal(SIGBUS,again_handler);
X signal(SIGSEGV,again_handler);
X signal(SIGIOT,again_handler);
X signal(SIGEMT,again_handler);
X signal(SIGALRM,again_handler);
X signal(SIGINT,again_handler);}
X
compute_badboy()
{long j,n;
X n = (nbytes < 0) ? - nbytes : nbytes;
X if (malloc_flag == 1)
X {the_data = bad_malloc(n);
X badboy = (void (*)()) the_data;}
X for(j=0;j<n;++j) the_data[j] = (rand() >> 7) & 0xFF;
X if (nbytes < 0)
X {sprintf(notes,"Dump of %ld bytes of data",n);
X note(1);
X for(j=0;j<n;++j)
X {fprintf(stdout,"%3d",the_data[j]);
X if ((j % 20) == 19) putc('\n',stdout); else putc(' ',stdout);}
X putc('\n',stdout);}}
X
try_one_crash()
{if (nbytes > 0)
X (*badboy)();
X else if (nbytes == 0)
X while(1);}
X
char *subprocess_ind = "subprocess";
X
main(argc,argv)
X int argc; char **argv;
{long nsubs,hrs,mns,scs,tflag,j,m;
X note_buffer = (char *) malloc(512);
X notes = note_buffer;
X if ((argc == 7) &&
X (strcmp(argv[6],subprocess_ind) == 0))
X {sprintf(note_buffer,"Subprocess %s: ",argv[4]);
X notes = note_buffer + strlen(note_buffer);
X verbose_level = atol(argv[5]);
X sprintf(notes,"starting");
X note(3);
X old_main(4,argv);}
X else if (argc == 4)
X old_main(4,argv);
X else if ((argc == 5) || (argc == 6))
X {if (argc == 6)
X verbose_level = atol(argv[5]);
X copyright_note(1);
X if (argc < 7)
X m = argc;
X else
X m = 6;
X strcpy(notes,"crashme");
X for(j=1;j<m;++j)
X {strcat(notes," ");
X strcat(notes,argv[j]);}
X note(1);
X if (strchr(argv[4],':'))
X {sscanf(argv[4],"%d:%d:%d",&hrs,&mns,&scs);
X tflag = 1;
X nsubs = (((hrs * 60) + mns) * 60) + scs;
X sprintf(notes,"Subprocess run for %d seconds (%d %02d:%02d:%02d)",
X nsubs, hrs / 24, hrs % 24,mns,scs);}
X else
X {tflag = 0;
X nsubs = atol(argv[4]);
X sprintf(notes,"Creating %d crashme subprocesses",nsubs);}
X note(1);
X vfork_main(tflag,nsubs,argv[0],argv[1],atol(argv[2]),argv[3]);}
X else
X {sprintf(notes,"crashme <nbytes> <srand> <ntrys> [nsub] [verbose]");
X note(0);}}
X
copyright_note(n)
X long n;
{sprintf(notes,"Crashme: (c) Copyright 1990, 1991 George J. Carrette");
X note(n);
X sprintf(notes,"Version: %s",crashme_version);
X note(n);}
X
old_main(argc,argv)
X int argc;
X char **argv;
{copyright_note(3);
X nbytes = atol(argv[1]);
X if (argv[1][0] == '+') malloc_flag = 1;
X nseed = atol(argv[2]);
X ntrys = atol(argv[3]);
X sprintf(notes,"crashme %s%ld %ld %ld",
X (malloc_flag == 0) ? "" : "+",nbytes,nseed,ntrys);
X note(3);
X if (malloc_flag == 0)
X {the_data = bad_malloc((nbytes < 0) ? -nbytes : nbytes);
X badboy = (void (*)()) the_data;
X sprintf(notes,"Badboy at %d. 0x%X",badboy,badboy);
X note(3);}
X srand(nseed);
X badboy_loop();}
X
badboy_loop()
{int i;
X for(i=0;i<ntrys;++i)
X {compute_badboy();
X if (malloc_flag == 1)
X sprintf(notes,"try %ld, Badboy at %d. 0x%X",i,badboy,badboy);
X else
X sprintf(notes,"try %ld",i);
X note(5);
X if (setjmp(again_buff) == 3)
X {sprintf(notes,"Barfed");
X note(5);}
X else
X {set_up_signals();
X alarm(10);
X try_one_crash();
X sprintf(notes,"didn't barf!");
X note(5);}}}
X
long monitor_pid = 0;
long monitor_period = 10;
long monitor_limit = 18; /* 3 minute limit on a subprocess */
long monitor_count = 0;
long monitor_active = 0;
X
void monitor_fcn(sig, code, scp, addr)
X int sig, code;
X struct sigcontext *scp;
X char *addr;
{long status;
X signal(SIGALRM,monitor_fcn);
X alarm(monitor_period);
X if (monitor_active)
X {++monitor_count;
X if (monitor_count >= monitor_limit)
X {sprintf(notes,"time limit reached on pid %d 0x%X. using kill.",
X monitor_pid,monitor_pid);
X note(3);
X status = kill(monitor_pid,SIGKILL);
X if (status < 0)
X {sprintf(notes,"failed to kill process");
X note(3);}
X monitor_active = 0;}}}
X
struct status_list
{long status;
X long count;
X struct status_list *next;};
X
struct status_list *slist = NULL;
X
record_status(n)
X long n;
{struct status_list *l;
X for(l=slist;l != NULL; l = l->next)
X if (n == l->status)
X return(++l->count);
X l = (struct status_list *) malloc(sizeof(struct status_list));
X l->count = 1;
X l->status = n;
X l->next = slist;
X slist = l;
X return(1);}
X
summarize_status()
{struct status_list *l;
X sprintf(notes,"exit status ... number of cases");
X note(2);
X for(l=slist;l != NULL; l = l->next)
X {sprintf(notes,"exit status ... number of cases");
X sprintf(notes,"%11d ... %5d",l->status,l->count);
X note(2);}}
X
vfork_main(tflag,nsubs,cmd,nb,sr,nt)
X long tflag,nsubs,sr;
X char *cmd,*nb,*nt;
{long j,status,pid,n,seq,total_time,dys,hrs,mns,scs;
X char arg2[20],arg4[20],arg5[20];
X time_t before_time,after_time;
X if (tflag == 1)
X {seq = 1;
X n = 100000000;}
X else if (nsubs < 0)
X {n = -nsubs;
X seq = 1;}
X else
X {n = nsubs;
X seq = 0;}
X if (seq == 1)
X {signal(SIGALRM,monitor_fcn);
X alarm(monitor_period);}
X time(&before_time);
X sprintf(arg5,"%d",verbose_level);
X for(j=0;j<n;++j)
X {sprintf(arg2,"%d",sr+j);
X sprintf(arg4,"%d",j+1);
#ifdef VMS
X status = vfork();
#else
X status = fork();
#endif
X if (status == 0)
X {status = execl(cmd,cmd,nb,arg2,nt,arg4,arg5,subprocess_ind,0);
X if (status == -1)
X {perror(cmd);
X exit(1);}}
X else if (status < 0)
X perror(cmd);
X else
X {sprintf(notes,"pid = %d 0x%X (subprocess %d)",status,status,j+1);
X note(3);
X if (seq == 1)
X {monitor_pid = status;
X monitor_count = 0;
X monitor_active = 1;
X while((pid = wait(&status)) > 0)
X {monitor_active = 0;
X sprintf(notes,"pid %d 0x%X exited with status %d",pid,pid,status);
X note(3);
X record_status(status);}}
X if (tflag == 1)
X {time(&after_time);
X total_time = after_time - before_time;
X if (total_time >= nsubs)
X {sprintf(notes,"Time limit reached after run %d",j+1);
X note(2);
X break;}}}}
X if (seq == 0)
X while((pid = wait(&status)) > 0)
X {sprintf(notes,"pid %d 0x%X exited with status %d",pid,pid,status);
X note(3);
X record_status(status);}
X time(&after_time);
X total_time = after_time - before_time;
X scs = total_time;
X mns = scs / 60;
X hrs = mns / 60;
X dys = hrs / 24;
X scs = scs % 60;
X mns = mns % 60;
X hrs = hrs % 24;
X sprintf(notes,
X "Test complete, total real time: %d seconds (%d %02d:%02d:%02d)",
X total_time,dys,hrs,mns,scs);
X note(1);
X summarize_status();}
X
SHAR_EOF
chmod 0644 crashme/crashme.c ||
echo 'restore of crashme/crashme.c failed'
Wc_c="`wc -c < 'crashme/crashme.c'`"
test 13087 -eq "$Wc_c" ||
echo 'crashme/crashme.c: original size 13087, current size' "$Wc_c"
fi
# ============= crashme/crashme.opt ==============
if test -f 'crashme/crashme.opt' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/crashme.opt (File already exists)'
else
echo 'x - extracting crashme/crashme.opt (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/crashme.opt' &&
! VMS LINKER OPTIONS FILE
IDENTIFICATION = "CRASHME V1.8"
SYS$LIBRARY:VAXCRTL/SHARE
SHAR_EOF
chmod 0644 crashme/crashme.opt ||
echo 'restore of crashme/crashme.opt failed'
Wc_c="`wc -c < 'crashme/crashme.opt'`"
test 84 -eq "$Wc_c" ||
echo 'crashme/crashme.opt: original size 84, current size' "$Wc_c"
fi
# ============= crashme/descrip.mms ==============
if test -f 'crashme/descrip.mms' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/descrip.mms (File already exists)'
else
echo 'x - extracting crashme/descrip.mms (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/descrip.mms' &&
! VMS MAKEFILE (for MMS)
!
X
CFLAGS = /DEBUG/LIST/SHOW=(NOSOURCE)/MACHINE/OPTIMIZE=(NOINLINE)/STANDARD=PORTABLE
X
crashme.exe depends_on crashme.obj
X link crashme.obj,crashme.opt/opt
X ! re-execute the next line in your superior process:
X crashme == "$" + f$env("DEFAULT") + "CRASHME"
X
crashme-dbg.exe depends_on crashme.obj
X link/debug/exe=crashme-dbg.exe crashme.obj,crashme.opt/opt
X
! note: do not use continuation character here.
DIST_FILES = crashme.1,crashme.c,makefile,descrip.mms,crashme.opt,read.me,shar.db
X
crashme.shar depends_on $(DIST_FILES)
X minishar crashme.shar shar.db
X
crashme.1_of_1 depends_on $(DIST_FILES)
X define share_max_part_size 1000
X vms_share $(DIST_FILES) crashme
SHAR_EOF
chmod 0644 crashme/descrip.mms ||
echo 'restore of crashme/descrip.mms failed'
Wc_c="`wc -c < 'crashme/descrip.mms'`"
test 690 -eq "$Wc_c" ||
echo 'crashme/descrip.mms: original size 690, current size' "$Wc_c"
fi
# ============= crashme/makefile ==============
if test -f 'crashme/makefile' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/makefile (File already exists)'
else
echo 'x - extracting crashme/makefile (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/makefile' &&
crashme: crashme.o
X cc -o crashme crashme.o
crashme.o: crashme.c
X cc -c crashme.c
SHAR_EOF
chmod 0644 crashme/makefile ||
echo 'restore of crashme/makefile failed'
Wc_c="`wc -c < 'crashme/makefile'`"
test 82 -eq "$Wc_c" ||
echo 'crashme/makefile: original size 82, current size' "$Wc_c"
fi
# ============= crashme/read.me ==============
if test -f 'crashme/read.me' -a X"$1" != X"-c"; then
echo 'x - skipping crashme/read.me (File already exists)'
else
echo 'x - extracting crashme/read.me (Text)'
sed 's/^X//' << 'SHAR_EOF' > 'crashme/read.me' &&
Notes for release 1.8 of Crashme. 27-SEP-1991 G...@MITECH.COM
X
Many people have suggested that the output of previous versions was
far too verbose, and that that was not only anoying but also
effectively slowing down the program. Therefore there is a new argument
available after the subprocess control argument, which is a verboseness
level from 0 to 5. Using a level of 2 will print out only summary
information about the runs. e.g.
X
$ crashme +2000 666 50 00:30:00 2
Crashme: (c) Copyright 1990, 1991 George J. Carrette
Version: 1.7 25-SEP-1991
Subprocess run for 1800 seconds (0 00:30:00)
Test complete, total real time: 1801 seconds (0 00:30:01)
exit status ... number of cases
X 1100 ... 2
X 3522652 ... 4
X 1036 ... 1
X 1084 ... 7
X 1108 ... 19
X 1 ... 432
X 12 ... 137
X
The table of exit status codes and frequencies is a new interesting
aspect of the test. This test was run on a VMS system, so that we have
a normal process exit 432 times, access violation 137 times,
and reserved operand fault 19 times, etc. As the number of tries goes
up (50 in this case) we would expect that the number of normal process
exits to go down.
X
Here is some output supplied by n...@infonode.ingr.com on one of his machines.
X
Processor : Intergraph Clipper C300 RISC processor
X 16Mb memory + 4k I cache and 4K D cache
X
Operating System: CLIX Version c.5.3.2
X derived from AT&T SVR 3.1 with BSD enhancements.
X
Crashme: (c) Copyright 1990, 1991 George J. Carrette
Version: 1.7 25-SEP-1991
Subprocess run for 9000 seconds (0 02:30:00)
Test complete, total real time: 9004 seconds (0 02:30:04)
exit status ... number of cases
X 136 ... 1
X 24576 ... 1
X 14 ... 1
X 138 ... 11
X 135 ... 27
X 140 ... 26
X 132 ... 430
X 139 ... 18
X 12800 ... 567
X
The status values here could be decoded by reading the documentation
for the "wait" system procedure, and looking up the correct part of
the value in the sys_errlist[] array. That is left as an exersize for the
reader.
X
------------------------------------------------------------------------
X
To compile, some systems may need #include <sys/types.h>.
X
Also, note the conditionalized code in bad_malloc. If your system
only gets the signal "segmentation violation" then you may need
to consider conditionalizations along this line.
X
However, on a machine with a segmented address space, that has
"instructions" in one segment and "data" in another, it is highly
unlikely that the code for setting up and invoking the "void (*badboy)()"
will have any interesting effect. Nothing other than an easily
handled SIGSEGV will result in the inner testing loop.
X
Some INTEL 80386 and DEC PDP-11 systems would be examples of this situation.
X
X
X
X
X
X
X
X
X
X
X
SHAR_EOF
chmod 0644 crashme/read.me ||
echo 'restore of crashme/read.me failed'
Wc_c="`wc -c < 'crashme/read.me'`"
test 2845 -eq "$Wc_c" ||
echo 'crashme/read.me: original size 2845, current size' "$Wc_c"
fi
exit 0
--
| Frank Kaefer | f...@stasys.sta.sub.org | Starnberg, Germany |
| Compuserve: 72427,2101 | Internet: f...@Germany.Sun.COM |
| unido!sunde!fkaefer | postm...@Germany.Sun.COM |
Mario Teetzen
>ch...@ixgch.uucp (Christoph Eckert) writes:
>|bin kuerzlich auf ein prograemmchen namens 'crashme' gestossen
>|es handelt sich dabei um version 1.4 vom 29.august 1991.
>|kennt jemand das programm und seinen genauen zweck?
>Das Prograemmchen ist recht simpel und daher gerade so genial.
jo. hammerhart. so schnell hab ich noch nie ein System sterben seh'n :-(
Das ISC-Unix, auf dem ich das ausprobiert habe, hat ca. 10 Sekunden
gebraucht, um sich ins Nirwana zu verabschieden. Nun ist der C-Compiler
fuer die meisten User erstmal verschwunden; aber irgendwie ist das
ja auch keine endgueltige Loesung, compilieren kann man das Dingen ja auch
woanders.
ciao sagt der leicht schockierte Mario.....
--
Mario Teetzen, Callenbergweg 8, 4600 Dortmund 18, Germany
...one mint julep was the cause of it all...
Christa Keil
On 14 Oct 91 09:18:00 GMT Mario Teetzen said:
>f...@stasys.sta.sub.org (Frank Kaefer) writes:
>
>>ch...@ixgch.uucp (Christoph Eckert) writes:
>
>>|bin kuerzlich auf ein prograemmchen namens 'crashme' gestossen
>>|es handelt sich dabei um version 1.4 vom 29.august 1991.
>>|kennt jemand das programm und seinen genauen zweck?
>
>>Das Prograemmchen ist recht simpel und daher gerade so genial.
>
>jo. hammerhart. so schnell hab ich noch nie ein System sterben seh'n :-(
Da sieht man mal wie schnell das geht.. hmm?
>Das ISC-Unix, auf dem ich das ausprobiert habe, hat ca. 10 Sekunden
>gebraucht, um sich ins Nirwana zu verabschieden.
Tja, da sag ich dann mal: s.s.
Nun bist Du zumindest um mindestens eine Erfahrung reicher ...
und um eine Illusion aerner .. oder so
>Nun ist der C-Compiler
>fuer die meisten User erstmal verschwunden; aber irgendwie ist das
>ja auch keine endgueltige Loesung, compilieren kann man das Dingen ja auch
>woanders.
Das stimmt allerdings.
>ciao sagt der leicht schockierte Mario.....
Also ich kann irgendwie noch nicht mal fuer 2 Groschen "Mitleid"
haben.
Im allgemeinen reicht es eigentlich schon, sich so ein Teil durch zu
lesen.
--
"Manche Menschen haben ihr Hirn auch nur, das der Wind nicht zwischen den Ohren
durchblaest und dabei sonderbare Toene erzeugt..." ,
Christa Keil, S.-Freud-Str.25, D-W-5300 Bonn 1, FRG Voice: +49-228-280-2862
Umv...@Dbnmeb1.bitnet zo...@dobag.in-berlin.de zo...@guug.de
Andreas Konegen
>jo. hammerhart. so schnell hab ich noch nie ein System sterben seh'n :-(
>
>Das ISC-Unix, auf dem ich das ausprobiert habe, hat ca. 10 Sekunden
>gebraucht, um sich ins Nirwana zu verabschieden. Nun ist der C-Compiler
>fuer die meisten User erstmal verschwunden; aber irgendwie ist das
>ja auch keine endgueltige Loesung, compilieren kann man das Dingen ja auch
>woanders.
Das ist ueberhaupt keine Loesung ! Wenn jemand deine Kiste crashen will
dann schaft er das auch ohne Compiler/mitgebrachte Prg's. Den Rechner z.B.
mit einem Shell-Script zum Stillstand zu bringen duerfte fuer die meissten
User auch kein Problem sein.
Andreas
Mario Teetzen
> Das ist ueberhaupt keine Loesung ! Wenn jemand deine Kiste crashen will
> dann schaft er das auch ohne Compiler/mitgebrachte Prg's. Den Rechner z.B.
> mit einem Shell-Script zum Stillstand zu bringen duerfte fuer die meissten
> User auch kein Problem sein.
Jo, das erfordert aber zumindest etwas eigeninitiative und wage System-
kenntnisse, waehrend 'make' mal ganz schnell "so zum Ausprobieren" eingetippt
ist. Dass man die Shell ohne grossen Aufwand nie auch nur 95%ig dicht bekommt,
ist mir auch klar; und dass die wirklichen Probleme nicht bei den normalen
Usern liegen (die hier bei mir auch alle nen Vertrag unterschrieben haben),
sondern bei den Gestalten, die durch mangelndes Security-Bewusstsein
der User/Betreiber ueberhaupt erst ins System kommen, duerfte auch
jedem bewusst sein.
Womit wir dann wieder beim beliebten Thema "System-Sicherheit unter
Unix" angekommen waeren. ;-)
ciao, Mario
Carsten Lutz
>hallo!
>
>bin kuerzlich auf ein prograemmchen namens 'crashme' (getarnt
>als 'mailx' :-) gestossen...
>
>es handelt sich dabei um version 1.4 vom 29.august 1991.
>author ist ein herr namens George J. Carrette.
>
>habs mal unter uid=test gid=user ohne argumente aufgestartet.
>resultat: crashme <nbytes> <srand> <ntrys> [nsub]
>
>mal soviel. kennt jemand das programm und seinen genauen zweck?
Siehe dazu alt.sources. Aktuell ist crashme18, soweit ich weiss.
Wenn ich mich richtig erinnere, schreibt das Programm Zufallszahlen
in den Speicher und versucht dann, das Kauderwelsch auszufuehren.
Das ganze natuerlich mehrfach. Die meisten Kisten steigen dabei
aus.
gruessend,
Carsten
--
* Carsten Lutz, Rellingen, FRG / c...@malihh.hanse.de ( NeXTmail accepted ) *
* Voice : +49 4101 207871 Fax: +49 4101 27757 Traily : +49 4101 22306 *
----------------------------------------------------------------------------
* let me fall out of the window with confetti in my hair - Tom Waits *
Framstag
> Womit wir dann wieder beim beliebten Thema "System-Sicherheit unter
> Unix" angekommen waeren. ;-)
Ist das nicht ein Widerspruch in sich selbst? ;-)
Brunnstein sagte mal:
"Der Einsatz von UNIX in sicherheitsrelevater Umgebung (er meinte damals
Patientendaten) halte ich schon fast fuer kriminell"
und
"UNIX ist MS-DOS in Sicherheit nur wenig vorraus - wenn ueberhaupt."
/---Ulli Horlacher---Rechenzentrum Uni Ulm---Oberer Eselsberg---7900 Ulm---\
\ ora...@dulruu51.bitnet | ora...@rz.uni-ulm.de | fram...@uni-ulm.de /
\------------------------------------------------------------------------/
| "Das Problem ist, dass sich (...) jemand hinsetzt und die Artikel |
| (...) mit einem Minimum von Intelligenz und Selektion auswaehlt, |
| aber davon kann ja bei News keine Rede sein." (Matthias Urlichs) |
Framstag
> Wenn ich mich richtig erinnere, schreibt das Programm Zufallszahlen
> in den Speicher und versucht dann, das Kauderwelsch auszufuehren.
> Das ganze natuerlich mehrfach. Die meisten Kisten steigen dabei
> aus.
Warum eigentlich? Normalerweise sollte auf Multiuser-Systemen mit MMU nur
der Prozess abschmieren, aber doch nicht gleich das ganze OS!?
BTW: bei VMS hab ich nicht mal das fertiggebracht. Der Condition Handler
fing alles brav auf.
Heinrich Schnermann
>Das ISC-Unix, auf dem ich das ausprobiert habe, hat ca. 10 Sekunden
>gebraucht, um sich ins Nirwana zu verabschieden. Nun ist der C-Compiler
Ich moechte wetten, auf der Console war folgende Meldung:
WARNING: unexpected INT 1 in user mode, dr6=FFFF0FF0
Spielkind Heinrich
--
Heinrich Schnermann, Wichmannstr. 26, 3000 Hannover 81, +49 511 835603
Abstain from wine, women and song; mostly song.
Mario Teetzen
>su...@sunnies.ruhr.de (Mario Teetzen) writes:
>>Das ISC-Unix, auf dem ich das ausprobiert habe, hat ca. 10 Sekunden
>>gebraucht, um sich ins Nirwana zu verabschieden. Nun ist der C-Compiler
>Ich moechte wetten, auf der Console war folgende Meldung:
>WARNING: unexpected INT 1 in user mode, dr6=FFFF0FF0
noeh. da stand ueberhaupt keine Meldung. einfach weg, ohne warning, ohne
panic....richtig gruendlich ;-)
>Spielkind Heinrich
jo, ist schon ein lustiges Prograemmchen, ciao, Mario
Patrick Wendt
>WARNING: unexpected INT 1 in user mode, dr6=FFFF0FF0
Ja, so in etwa sah das bei mir zumindest aus ...
Dieses Programm stellt ja keine sonderliche Bedrohung dar, kann
aber mayB laestig werden. Gibt es dagegen eine Art Bug-Fix (ausser
keine Shell-User zuzulassen :->), ist jmd. etwas in der Richtung
bekannt ... ? - MayB mal einen netten Brief an ISC schreiben :-)
Gruss ... Pat !
--
----------------------------------------------------------------------------
- Patrick Wendt | ro...@chamber.in-berlin.de | Zombies Burial Chamber -
- - - - - - - - - | pwe...@opal.cs.tu-berlin.de | UNIX SysV 386/33 -
- Berlin, Germany | pwe...@bitcave.in-berlin.de | Data: +49 30 / 402 56 92 -
----------------------------------------------------------------------------
Christian Kaiser
ORA...@rzmain.rz.uni-ulm.de (Framstag) writes:
)In <1991Oct14....@malihh.hanse.de> c...@malihh.hanse.de writes:
)
)> Wenn ich mich richtig erinnere, schreibt das Programm Zufallszahlen
)> in den Speicher und versucht dann, das Kauderwelsch auszufuehren.
)> Das ganze natuerlich mehrfach. Die meisten Kisten steigen dabei
)> aus.
)
)Warum eigentlich? Normalerweise sollte auf Multiuser-Systemen mit MMU nur
)der Prozess abschmieren, aber doch nicht gleich das ganze OS!?
.SCHWAETZ ON
UNIX fuehrt Benutzerprozesse normalerweise im sog. "User"-Mode der CPU
und den Kernel in "Supervisor"-Mode (das kann von CPU zu CPU verschieden
heissen) aus. Wenn nun z.B.
- eine im User-Mode illegale Instruktion
- ein Page-Fault der MMU
- eine Exception der FPU (z.B. DIV durch 0)
- ein TRAP (z.B. zum Anstossen eines Systemcalls)
- etc. etc.
auftritt, sichert die CPU ihren Status, wechselt in den Supervisor-Mode
und fuehrt einen dem Ausnahmezustand entsprechenden Exception-Handler
aus. Diese Exception-Handler sind z.T. ziemlich komplex und koennen nun
mal fehlerhaft, unvollstaendig oder sonstwas sein - die Folge ist halt
ein PANIC oder ein Haenger. Typischer Fall von "nicht getestet". :-)
Seltener sind echte CPU-Bugs; z.B. Opcodes, die die CPU selbst ins
Nirwana schicken. Es gab mal den Verdacht, dass manche RISC-Prozessoren
da anfaellig sind. Hat sich diesbezueglich schon was ergeben?
Wie auch immer: Ich weiss zumindest von einer Firma, deren QA mittler-
weile crashme erfolgreich einsetzt ;-)
Gruesse,
Christian
--
Christian Kaiser, Munich, Germany Mail: c...@chi.sub.org, c...@chiuur.UUCP