Crispin Cowan <crispinat_private> wrote: > > On Tue, 28 Jul 1998, Cy Schubert wrote: > > > > > What makes MVS (and VM) so impervious to attack is that the S/390 > > > hardware doesn't rely on a stack, making effective buffer overruns > > > considerably more difficult. (A little off topic :) > > More specifically, the 360/370/390 architecture writes the return address > into the code space just ahead of the function entry point. Poof: no stack > :-), and no recursion :-( But typically, due to the most feared word of S/360 programmers (adressability), the local variables are stored in between the functions of the programs (at least with CMS they are, and I assume IBM's calling conventions are the same with all S/360 OSes). So you can't write-protect the code segment, and a buffer overrun can overwrite code. This sounds pretty serious to me. I await the first CMS or MVS buffer overrun exploit. Of course nobody prohibits any program to use its own calling conventions (including a stack or two) internally. -Olaf. -- ___ Olaf 'Rhialto' Seibert D787B44DFC896063 4CBB95A5BD1DAA96 \X/ * You are not expected to understand this. rhialtoat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:31 PDT