Re: Fwd: Any user can panic OpenBSD machine

[cschuber () PASSER OSG GOV BC CA (Cy Schubert)]

> On Mon, 27 Jul 1998, Theo de Raadt wrote:
> > Whoopty doo -- another way to crash another operating system has been
> > reported.  This is twice now that a 'local' OpenBSD crash has made it
> > to bugtraq as if it were a typical exploit.  Does this now mean
> > bugtraq is open ground for reporting any way to crash a multiuser
> > operating system?  I bet there are plenty of ways to crash any
> > operating system, if you have a local account.
>
> There are operating systems -- KeyKOS and MVS, for example -- in which
> making this impossible is an explicit design goal.  I do not believe
> there are any known local-DoS exploits for either of these two OSes.

There have been no published MVS exploits, however I have seen two
exploits over the years and one TSO UADS exploit (pre-RACF/ACF2/Top
Secret).  Regarding exploits of locally written APF authorized
programs, I've only seen one.

What makes MVS (and VM) so impervious to attack is that the S/390
hardware doesn't rely on a stack, making effective buffer overruns
considerably more difficult.  (A little off topic :)


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber () uumail gov bc ca
ITSD                                   Cy.Schubert () gems8 gov bc ca
Government of BC