Cryptolocker (was RE: Is tape dead?

Jon Elson elson at pico-systems.com
Wed Sep 16 20:36:39 CDT 2015


On 09/16/2015 01:29 PM, Paul Koning wrote:
> I never had any incentive to look for holes in CDC 
> operating systems, but I still remember a simple hole I 
> found in OS/360, about a month after I first wrote a 
> program for that OS. It allowed anyone to run supervisor 
> mode code with a couple dozen lines of assembler source 
> code. I found it on OS/PCP 19.6, but I noticed in graduate 
> school that it still worked on the university's 370 
> running OS/MVS 21.7. (The magic? Use the OS service to 
> give a symbolic name to a location in your code, with a 
> well chosen name, then give that name as the name of the 
> "start I/O appendage" in an EXCP style I/O request.) paul 
Yup, the classic break-in was you set up an exception handler 
with SPIE (specify program interrupt exit, I think) and 
then do a divide by zero.  This gives the handler the PSW of 
the problem program. You turn the P bit of the PSW off and 
return.  The stock OS would actually ALLOW you to DO this, 
and just return to the user program now in supervisor 
state!  It was a VERY simple fix, you just don't allow any 
exception handler to change the state of the P bit.  But, 
MANY systems did not do that check.

So MANY other weaknesses could easily be caused by 
accident.  Like, the file that contained valid account 
numbers was often not protected.  Anybody could just print 
out that file.

Jon
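A small C model of the return-from-exit path Jon describes, added here as an example (it is not code from the list or from any OS/360 source); the PSW fields, the task structure and all function names are constructed stand-ins. It puts the unchecked return beside the check that refuses to let the handler alter the P bit or resume outside the task's own region.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the two PSW fields that matter here (not the real layout). */
typedef struct {
    bool problem_state;   /* the "P bit": true = problem (unprivileged) state */
    uint32_t next_addr;   /* instruction address to resume at */
} psw_t;

/* Supervisor-side record of the interrupted task (constructed). */
typedef struct {
    psw_t saved_psw;            /* PSW captured when the exception occurred */
    uint32_t user_lo, user_hi;  /* address range the task may execute in */
} task_t;

/* Unchecked return: trust whatever PSW the exit routine hands back.
   If the routine cleared P, the task resumes in supervisor state. */
psw_t resume_unchecked(const task_t *t, psw_t from_handler) {
    (void)t;
    return from_handler;
}

/* Checked return: the exit routine may choose where to resume,
   but never the privilege state, and only inside its own region. */
psw_t resume_checked(const task_t *t, psw_t from_handler) {
    psw_t out = from_handler;
    out.problem_state = true;  /* a problem-state task never returns privileged */
    if (out.next_addr < t->user_lo || out.next_addr > t->user_hi)
        out.next_addr = t->saved_psw.next_addr;  /* refuse to jump elsewhere */
    return out;
}

/* Model of the SPIE trick: hand back the saved PSW with P turned off. */
psw_t handler_clears_p(psw_t saved) {
    saved.problem_state = false;
    return saved;
}

int main(void) {
    task_t t = { .saved_psw = { true, 0x1000 }, .user_lo = 0x1000, .user_hi = 0x1fff };
    psw_t forged = handler_clears_p(t.saved_psw);
    printf("unchecked: P=%d   checked: P=%d\n",
           resume_unchecked(&t, forged).problem_state,
           resume_checked(&t, forged).problem_state);
    return 0;
}
```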

