Andrew Gillham <gillhaa@ghost.whirlpool.com> writes:

> If their patch just looks through the code for '0xf0, 0x0f, 0xc7, 0xc8' 
> when exec()'ing, then what stops the malicious from reassembling the
> sequence at runtime?

I don't know what it does...  All I see are .o files, and I don't have
the time to investigate that...

I also don't want a trap for each instruction so the kernel can investigate
to see if it is the sequence or not...

I really don't see how a software workaround is plausable for this sort
of bug.

--Michael