funsec mailing list archives

Re: Hey old people


From: Tom Van Vleck <thvv () multicians org>
Date: Fri, 23 Dec 2005 11:37:43 -0500

Donn Parker's work will be very valuable to you.  As I remember,
he cataloged actual exploits rather than vulnerabilities, and in
many cases verified them rather than just propagating anecdotes,
for the time period of the 60s and 70s.

I corresponded with Don Widrig, one of the CTSS system programmers,
about the GETMEM. non-zeroed memory, and he says that everybody
knew about this bug but that he does not remember ever writing
a program to exploit it.  I was sure this was actually done;
unfortunately the next most likely exploiter has passed away.
I will write to a few more CTSS folks who might remember.

OS/360 came after CTSS, of course, but it may be worth cataloging
several exploits from the 60s.  I wish I could locate the document
I used to have, printed in all caps on computer paper, that listed
a half dozen holes in OS/360 prior to release 15.  For instance,
one that I remember was that although PCP and MFT had memory
protection -- one could not modify the supervisor unless executing
with supervisor state -- there were several data structures used by
interrupt handling that were writeable while in user state; one
of these was the CVT, Communications Vector Table.  All one had
to do was to hook this and wait for the next interrupt, to gain
control in supervisor state.

Another OS/360 hole I remember was that at boot, the system would
accept the first root pack it found.  So if you mounted a disk
pack as unlabeled, and got it onto a unit with a lower number than
the root pack, and copied the root pack onto yours with appropriate
patches, and crashed OS/360 (many ways existed), the system would
reboot from your pack.  This also would be pre-1970.


On Dec 23, 2005, at 11:06 AM, Sullo wrote:

On 12/21/05, Blue Boar <BlueBoar () thievco com> wrote:
   Those of you with access to IEEE or ACM accounts

I've had fun with this one as well. I was finally able to gain
access to two ACM publications that I thought would lead to more
info, but neither did.  For reference, they are:
  1) "A problem-list of issues concerning computers and public
policy," Daniel D. McCracken, 1974
  2) "A problem-list of public policy issues concerning computers
and health care," Anthony I. Wasserman, 1975

They turned out to be more speculation about potential problems, and
questions, than a list of actual issues. For example, from the
McCracken paper:

"Who is responsible when computer programs fail? The system design
who may not have adequately defined the job? The programmer who made
a mistake which he failed to catch because of inadequate program
testing? The manager who did not allow enough time for proper
testing? The computer operator who, although it was not his prime
responsibility, did notice what he thought might be a problem--but said
nothing?"

Again this reinforces the notion that nothing has changed in the
last 30 years...

We're not quite ready to call this contest...but soon! So send in
what you've got. Even if it's more recent than some BB has discussed
here, we're still interested in cataloging vulns from the '70s and
earlier (well, anything we don't have, really).

-Sullo



--

http://www.cirt.net/      |     http://www.osvdb.org/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
