
The History of a Security Hole - jsnell
http://www.os2museum.com/wp/the-history-of-a-security-hole/
======
cperciva
Worth mentioning: FreeBSD had an equivalent bug on _amd64_ , because the I/O
permissions array got confused with a pointer to said array. This was fixed in
April 2005 -- and was discovered by someone saying "that's weird, I can startx
as a regular user even though the X server binary isn't setuid...".

------
userbinator
How this works in emulators/VMs is also of interest --- because it could be
another way in which code running on real hardware differs from that in VM,
and can be used to distinguish.

------
raresp
Forbidden

You don't have permission to access /wp/the-history-of-a-security-hole/ on
this server.

~~~
Kovah
[https://web.archive.org/web/20180903022426/http://www.os2mus...](https://web.archive.org/web/20180903022426/http://www.os2museum.com/wp/the-
history-of-a-security-hole/)

------
ezoe
Seriously? OpenBSD developers didn't consider the C compiler adds padding to
the structure?

~~~
tedunangst
No, we've never heard about this padding of which you speak.

