Re: A way to prevent buffer overflow exploits? (was: "Any user

rhialtoPOLDER.UBC.KUN.NL

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dmitry Yu. Bolkhovityanov: "Re: irix-6.2 "at -f" vulnerability"
• Previous message: Paul Leach: "Re: Object tag crashes Internet Explorer 4.0"

Crispin Cowan <crispinCSE.OGI.EDU> wrote:
> > On Tue, 28 Jul 1998, Cy Schubert wrote:
> >
> > > What makes MVS (and VM) so impervious to attack is that the S/390
> > > hardware doesn't rely on a stack, making effective buffer overruns
> > > considerably more difficult.  (A little off topic :)
>
> More specifically, the 360/370/390 architecture writes the return address
> into the code space just ahead of the function entry point.  Poof:  no stack
> :-), and no recursion :-(

But typically, due to the most feared word of S/360 programmers
(adressability), the local variables are stored in between the functions
of the programs (at least with CMS they are, and I assume IBM's calling
conventions are the same with all S/360 OSes). So you can't
write-protect the code segment, and a buffer overrun can overwrite code.
This sounds pretty serious to me. I await the first CMS or MVS buffer
overrun exploit.

Of course nobody prohibits any program to use its own calling conventions
(including a stack or two) internally.

-Olaf.
--
___ Olaf 'Rhialto' Seibert                D787B44DFC896063 4CBB95A5BD1DAA96
\X/ * You are not expected to understand this.    rhialtopolder.ubc.kun.nl

• Next message: Dmitry Yu. Bolkhovityanov: "Re: irix-6.2 "at -f" vulnerability"
• Previous message: Paul Leach: "Re: Object tag crashes Internet Explorer 4.0"