Re: Buffer overflow and OS/390

From: Marc Heuse (marcat_private)
Date: Sat Feb 06 1999 - 07:53:33 PST


    > When I was thinking about the OS/390 and its open TCP/IP services, this
    > came to my mind that the conceptual resemblance between MVS and UNIX may
    > lead to some successful buffer overflow attack in OS/390.
    > Now open MVS comes with TCP/IP services that are running as Started Tasks
    > which seem to be just like suid demons.  TSO session creates its own
    > address space which seems like a memory space for UNIX shell environment.
    > If a normal user can create a shell code for the jump to the TSO command
    > line of a SPECIAL user, I think that buffer overflow may not be impossible.

    Well, you can't mess with code space as normal users (if I remember correctly).
    Buffer overflows are of course possible, but you can't use them to do
    stack smashing attacks because the code and data segments are separated.

    > Even C compiler is available for the ESA.  Well, if someone finds
    > vulnerable programs, this may lead to successful attack on the environment.

    Well, back in an old job I did a security review of the OpenEdition segment
    and found some security vulnerabilities (which should be fixed in the
    current release - it was a hard fight until they promised that).
    I think there are still my vulnerabilities left still to be found for the
    brave searcher ;-)

      Marc Heuse, S.u.S.E. GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
      E@mail: marcat_private      Function: Security Support & Auditing
      issue a  "finger marcat_private | pgp -fka" for my public pgp key
