Re: Buffer overflow and OS/390

[marc () SUSE DE (Marc Heuse)]

Hi,

> When I was thinking about the OS/390 and its open TCP/IP services, this
> came to my mind that the conceptual resemblance between MVS and UNIX may
> lead to some successful buffer overflow attack in OS/390.
>
> Now open MVS comes with TCP/IP services that are running as Started Tasks
> which seem to be just like suid demons.  TSO session creates its own
> address space which seems like a memory space for UNIX shell environment.
> If a normal user can create a shell code for the jump to the TSO command
> line of a SPECIAL user, I think that buffer overflow may not be impossible.

well, you can't mess with code space as normal users (if i remember correctly).
buffer overflows are of course possible, but you can't use them to do
stack smashing attacks because the code and data segments are seperated.

> Even C compiler is available for the ESA.  Well, if someone finds
> vulnerable programs, this may lead to successful attack on the environment.

well, back in an old job I did a security review of the OpenEdition segment
and found some security vulnerabilities (which should be fixed in the
current release - it was a hard fight until they promised that).
i think there are still my vulnerabilities left still to be found for the
brave searcher ;-)

Greets,
        Marc
--
  Marc Heuse, S.u.S.E. GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: marc () suse de      Function: Security Support & Auditing
  issue a  "finger marc () suse de | pgp -fka" for my public pgp key