[7544] in bugtraq


Re: A way to prevent buffer overflow exploits? (was: "Any user

daemon@ATHENA.MIT.EDU (Olaf Seibert)
Thu Aug 6 13:37:35 1998

Date: 	Thu, 6 Aug 1998 12:23:38 +0200
Reply-To: Olaf Seibert <rhialto@POLDER.UBC.KUN.NL>
From: Olaf Seibert <rhialto@POLDER.UBC.KUN.NL>
X-To:         crispin@CSE.OGI.EDU
To: BUGTRAQ@NETSPACE.ORG

Crispin Cowan <crispin@CSE.OGI.EDU> wrote:
> > On Tue, 28 Jul 1998, Cy Schubert wrote:
> >
> > > What makes MVS (and VM) so impervious to attack is that the S/390
> > > hardware doesn't rely on a stack, making effective buffer overruns
> > > considerably more difficult.  (A little off topic :)
>
> More specifically, the 360/370/390 architecture writes the return address
> into the code space just ahead of the function entry point.  Poof:  no stack
> :-), and no recursion :-(

But typically, due to the most feared word of S/360 programmers
(addressability), the local variables are stored in between the functions
of the programs (at least with CMS they are, and I assume IBM's calling
conventions are the same with all S/360 OSes). So you can't
write-protect the code segment, and a buffer overrun can overwrite code.
This sounds pretty serious to me. I await the first CMS or MVS buffer
overrun exploit.

Of course nobody prohibits any program from using its own calling conventions
(including a stack or two) internally.

-Olaf.
--
___ Olaf 'Rhialto' Seibert                D787B44DFC896063 4CBB95A5BD1DAA96
\X/ * You are not expected to understand this.    rhialto@polder.ubc.kun.nl
