Hello. everyone. I wonder if this letter is not appropriate for the list, but I am sure that aleph1 will filter out if it is. When I was thinking about the OS/390 and its open TCP/IP services, this came to my mind that the conceptual resemblance between MVS and UNIX may lead to some successful buffer overflow attack in OS/390. Now open MVS comes with TCP/IP services that are running as Started Tasks which seem to be just like suid demons. TSO session creates its own address space which seems like a memory space for UNIX shell environment. If a normal user can create a shell code for the jump to the TSO command line of a SPECIAL user, I think that buffer overflow may not be impossible. Even C compiler is available for the ESA. Well, if someone finds vulnerable programs, this may lead to successful attack on the environment. End. *******************Internet Email Confidentiality Footer******************* Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message, and please notify us immediately. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. Opinions, conclusions and other information expressed in this message are not given or endorsed by my firm or employer unless otherwise indicated by an authorized representative independent of this message.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:27 PDT