1 Jun
2020
1 Jun
'20
3:12 a.m.
s?n 2020-05-31 klockan 10:04 -0500 skrev Jon Elson via cctalk:
On 05/31/2020 02:06 AM, jim stephens via cctalk
wrote:
I have a school memory of something like that:
my school had a PRIME 9955 with PRIMOS 19, well that system had a hole
in the handling of serial lines with modems. One municipality employee
was logged in from home/work and went home (basically pulled the plug
on the pc and went home.) My friend dialed in and got into the
employees login session....
I have a memory of the responsible system admin when he speaks with
PRIME in Stockholm, well it wasn't the first time this happened...
On 5/30/2020 11:15 PM, Eric Smith via cctalk wrote:
Yes, the SPIE call as supplied from IBM was surely the
security hole big enough for 5 ocean liners abreast to steam
right through! Everybody had to patch that, and the patch
was fairly simple. But, it was a clear indication of how
LITTLE IBM thought about security. Of course, they were
thinking about banks where 3 teams reviewed code before it
ever ran on the machine, not universities where kids would
try all sorts of mischief.
On 05/29/2020 02:38 PM, Noel Chiappa via cctalk
wrote:
> <snip>
> Low-level machines did not even have storage protection
> keys, and on the /40 and /50 (I think) it was an option,
> although I'd guess almost any /50 had it installed.
Our /50 had it and I
have never seen any indication in the
documentation for the hardware that
indicated that it was an option.
I don't think that either MVT or MFT would have been very
stable without it. I certainly spent a lot of time
studying how to get around it, and am responsible for a
couple of SPIE patches in the MVT product
from exploits trying to get into supervisor mode to muck
with such.
Yes, I know supervisor state isn't tied to
the storage
keys, but that was the way I went to
try to circumvent the storage keys.
Oh, once you have the P bit set to zero, you
can do
anything, such as changing the storage protection key of
your own program.
Jon