Secure Coding mailing list archives

Mainframe Security


From: ljknews at mac.com (ljknews)
Date: Fri, 2 Nov 2007 11:22:23 -0400

At 4:11 PM +0100 11/2/07, Johan Peeters wrote:

Let me offer a little variant on the previous theme though to
illustrate, hopefully more convincingly, why I find COBOL worrisome:

      ...
       01 txt                        pic x(2).
       ....
       move 'hi' to txt
       call 'evil-code' using txt
       ....

      IDENTIFICATION DIVISION.
       PROGRAM-ID. evil-code.
       DATA DIVISION.
       linkage section.
       01 asset                        PIC  X(1200).
       procedure division using asset.
       ....

The author of evil-code now has a selection of the contents of the
caller's data segment at his disposal.

Are you saying that evil-code is written in some language that allows
it to take advantage of by-reference semantics to go outside the
nominal boundaries of 2 bytes presumed by COBOL?

If so, this is hardly an issue specific to COBOL.  Presuming evil-code
can play address arithmetic issues, any situation where the caller's
address space is visible to evil-code is similarly vulnerable.

Clearly evil-code should be in a separate address space to defend
against such an attack.
-- 
Larry Kilgallen
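As an added example, not part of the thread: a small Python check, run over simplified COBOL fragments constructed below (modelled on the snippet quoted above, not the poster's full program), that flags a CALL ... USING argument whose callee LINKAGE SECTION item is declared larger than the caller's data item, the by-reference interface mismatch that lets the callee read past the caller's 2 bytes. It handles any number of USING arguments, not just the single one shown.

```python
import re

# Constructed fragments mirroring the thread's snippet (not the poster's full source).
CALLER = """\
       01 txt                        pic x(2).
       move 'hi' to txt
       call 'evil-code' using txt
"""
CALLEE = """\
       IDENTIFICATION DIVISION.
       PROGRAM-ID. evil-code.
       DATA DIVISION.
       linkage section.
       01 asset                        PIC  X(1200).
       procedure division using asset.
"""

# Deliberately narrow patterns: level-01 alphanumeric items, single-line clauses.
PIC_RE = re.compile(r"^\s*01\s+(\S+)\s+pic\s+x\((\d+)\)", re.I | re.M)
CALL_RE = re.compile(r"^\s*call\s+'([^']+)'\s+using\s+(.+?)\s*\.?\s*$", re.I | re.M)
PROGID_RE = re.compile(r"program-id\.\s+(\S+?)\.?\s*$", re.I | re.M)
USING_RE = re.compile(r"procedure\s+division\s+using\s+(.+?)\s*\.?\s*$", re.I | re.M)


def item_sizes(src):
    """Map each level-01 PIC X(n) item name (lower-cased) to its byte length."""
    return {name.lower(): int(n) for name, n in PIC_RE.findall(src)}


def check_call_sizes(caller_src, callee_src):
    """Return (program, param, caller_bytes, callee_bytes) for every argument the
    callee declares larger than the item the caller actually passes by reference."""
    callee_name = PROGID_RE.search(callee_src).group(1).lower()
    params = USING_RE.search(callee_src).group(1).lower().replace(",", " ").split()
    caller_sizes, callee_sizes = item_sizes(caller_src), item_sizes(callee_src)
    findings = []
    for prog, args in CALL_RE.findall(caller_src):
        if prog.lower() != callee_name:
            continue
        # Positional pairing: i-th USING argument binds to i-th linkage parameter.
        for arg, param in zip(args.lower().replace(",", " ").split(), params):
            cbytes, pbytes = caller_sizes.get(arg), callee_sizes.get(param)
            if cbytes is not None and pbytes is not None and pbytes > cbytes:
                findings.append((prog, param, cbytes, pbytes))
    return findings


if __name__ == "__main__":
    for prog, param, have, want in check_call_sizes(CALLER, CALLEE):
        print(f"{prog}: linkage item {param} is {want} bytes, caller passes {have}")
```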

