Thus spake Andrew Gillham
> > Apparently, BSDI has a binary patch for this...  Think we could get
> > the real fix from 'em and be the second OS to have the fix in place?
> If their patch just looks through the code for '0xf0, 0x0f, 0xc7, 0xc8' 
> when exec()'ing, then what stops the malicious from reassembling the
> sequence at runtime?

I hear that they are refusing to explain the patch which leads me to
believe it is something as simplistic as this.  I had the same thought
about it.  Just add 1 to the sequence or xor it or something. 

I wonder what would happen if you had a program that legitimately had
some data that just happened to match the pattern.

-- 
D'Arcy J.M. Cain <darcy@{druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 424 2871     (DoD#0082)    (eNTP)   |  what's for dinner.