On Sep 16, 2015, at 2:10 PM, Chuck Guzis <cclist at sydex.com> wrote:

> This brings up something that's always baffled me.
> Why does a user's (or worse, the entire system's) files have to be immediately
> accessible to any application wanting to take a look?
> Take a legacy example, SCOPE or NOS on a CDC mainframe. ...

Just remember that those older systems may well have had any number of security issues of their own. They did benefit a lot from "security by obscurity" as well as the fact that they weren't connected to the Internet.

I never had any incentive to look for holes in CDC operating systems, but I still remember a simple hole I found in OS/360, about a month after I first wrote a program for that OS. It allowed anyone to run supervisor mode code with a couple dozen lines of assembler source code. I found it on OS/PCP 19.6, but I noticed in graduate school that it still worked on the university's 370 running OS/MVS 21.7.

(The magic? Use the OS service to give a symbolic name to a location in your code, with a well-chosen name, then give that name as the name of the "start I/O appendage" in an EXCP-style I/O request.)

paul