> On Mon, 27 Jul 1998, Theo de Raadt wrote: > > Whoopty doo -- another way to crash another operating system has been > > reported. This is twice now that a 'local' OpenBSD crash has made it > > to bugtraq as if it were a typical exploit. Does this now mean > > bugtraq is open ground for reporting any way to crash a multiuser > > operating system? I bet there are plenty of ways to crash any > > operating system, if you have a local account. > > There are operating systems -- KeyKOS and MVS, for example -- in which > making this impossible is an explicit design goal. I do not believe > there are any known local-DoS exploits for either of these two OSes. There have been no published MVS exploits, however I have seen two exploits over the years and one TSO UADS exploit (pre-RACF/ACF2/Top Secret). Regarding exploits of locally written APF authorized programs, I've only seen one. What makes MVS (and VM) so impervious to attack is that the S/390 hardware doesn't rely on a stack, making effective buffer overruns considerably more difficult. (A little off topic :) Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuberat_private ITSD Cy.Schubertat_private Government of BC
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:09:20 PDT