funsec mailing list archives
Re: Hey old people
From: Drsolly <drsollyp () drsolly com>
Date: Wed, 21 Dec 2005 18:39:10 +0000 (GMT)
On Wed, 21 Dec 2005, Blue Boar wrote:
> Drsolly wrote:
> > My favourite is the one whereby an IBM PC tries to boot from a floppy disk by loading and executing the boot sector, even if your normal bootup is from the hard disk. That was introduced with the IBM XT, (1983, I think) and first exploited in 1986.
>
> :) In the sense that the XT was the first model available for sale with a HD, yes. You could retrofit the 5150B with a HD, though. That model would have been 81 still, or maybe 82. I don't know if you could have bought a HD for it then.
The original PC BIOS didn't have hard disk code, so you had to attach the HD via a device driver. That meant that you couldn't boot from the hard disk. I actually had one, it was a 10 MB monster from Xebec, costing £1000. So, since booting from a floppy was the only way to start up the computer, I wouldn't call it a vulnerability that there was no way to change that.
> > But for a really old vulnerability you want the one whereby if you have an EXE file, and put a COM file in the same directory, then the COM file gets executed in preference to the EXE file when you type the filename without extension. That existed in 1981, although it wasn't realised that it was a vulnerability until the 1990s.
>
> I was going to point out .exes being introduced with DOS 2.0, but Larry beat me to it.
I actually used DOS 1.1, I don't remember whether EXEs were available or not. Are you sure they weren't? It would have meant a severe restriction on the size of programs, and I don't recollect this.
> That's the spirit though, Solly. It doesn't say so on the page, but we're thinking to qualify, the OS would have to be multi-user (or multi-processing might be sufficient, depending...) and that there would have to be a hardware-supported supervisor mode. I don't think DOS would qualify.
DOS 2.0 was multiprocessing.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
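
The COM-before-EXE precedence mentioned in the quoted text above can be audited for on a file tree. The following is an added example, not part of the original messages: it models the DOS lookup order for a name typed without extension (.COM, then .EXE, then .BAT) and reports files that would run in place of a same-named file in the same directory. It goes slightly beyond the single-directory case in the thread by also accepting an ordered list of search directories; the function names and sample file names are invented for illustration.

```python
import os
import tempfile

# DOS COMMAND.COM resolution order for a name typed without extension.
PRECEDENCE = (".COM", ".EXE", ".BAT")

def resolve(name, search_dirs):
    """Return the path a DOS-style lookup would run for bare `name`, or None."""
    for d in search_dirs:  # directories are tried in order, extensions within each
        present = {e.upper(): e for e in os.listdir(d)}
        for ext in PRECEDENCE:
            hit = present.get((name + ext).upper())
            if hit:
                return os.path.join(d, hit)
    return None

def find_companions(directory):
    """List (winner, shadowed) filename pairs within one directory."""
    by_stem = {}
    for entry in sorted(os.listdir(directory)):
        stem, ext = os.path.splitext(entry)
        if ext.upper() in PRECEDENCE and os.path.isfile(os.path.join(directory, entry)):
            by_stem.setdefault(stem.upper(), {})[ext.upper()] = entry
    findings = []
    for stem in sorted(by_stem):
        ranked = [by_stem[stem][e] for e in PRECEDENCE if e in by_stem[stem]]
        # The first ranked file wins; every other one is silently shadowed.
        findings.extend((ranked[0], loser) for loser in ranked[1:])
    return findings

def demo():
    # Constructed sample directory: empty placeholder files, names invented.
    with tempfile.TemporaryDirectory() as d:
        for fname in ("EDITOR.EXE", "editor.com", "BACKUP.EXE", "SETUP.BAT", "README.TXT"):
            open(os.path.join(d, fname), "w").close()
        return find_companions(d), os.path.basename(resolve("editor", [d]))

if __name__ == "__main__":
    pairs, runs = demo()
    for winner, shadowed in pairs:
        print(f"{winner} runs instead of {shadowed}")
    print("typing 'editor' runs:", runs)
```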