funsec mailing list archives

Re: Hey old people


From: Valdis.Kletnieks () vt edu
Date: Wed, 21 Dec 2005 10:52:52 -0500

On Tue, 20 Dec 2005 22:44:54 PST, Blue Boar said:
> http://www.osvdb.org/blog/?p=77
>
> Any of you guys remember any really old vulnerabilities?

Certain larger models of the IBM S/360 had "imprecise interrupts" - meaning that
a program check could be recognized after the instruction had already
completed.  This was particularly a problem on the mod 95, which had a 6-deep instruction
pipeline, but also manifested on systems with Large Core Storage attached - LCS
was a whole megabyte in a box (as opposed to the 256K in the normal storage
frames), but the cycle time was around 9,000 nanoseconds (really).  To preserve
some sense of performance, writes to LCS were buffered and completed after the
next opcode had started.  The upshot was that a very common paradigm for issuing
a request to the operating system was something like:

     ST    R2,8(,R1)        save parameter from R2 in parm list pointed to by r1
     SVC   19               issue OPEN supervisor call

Of course, if R1 points off into hyperspace, the store should fail. But on the
models with imprecise interrupts, the LCS could signal a permission problem after
the SVC had completed.  Of course, at that point you're running in supervisor mode,
and program interrupts aren't supposed to happen - so you'd get the OS/MVT equivalent
of a Unixoid 'panic()'.

Date this one back to 1969 or so, when the mod 95 shipped.  That old enough? ;)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
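
The ST/SVC sequence described in the message above, as an added toy simulation (not part of the original post, and not an accurate model of S/360 hardware). The writable address range, the outcome strings, the "task fails" result for a fault in problem state, and the `barrier` option (a hypothetical drain of the store buffer before the state switch) are assumptions made for illustration.

```python
# Toy model, constructed for illustration; not architecture-accurate for S/360.
WRITABLE = range(0x1000, 0x2000)  # constructed: storage the problem program may write


class Machine:
    def __init__(self, precise):
        self.precise = precise      # True: protection checked before the next opcode
        self.supervisor = False     # current CPU state
        self.pending = []           # buffered stores not yet completed

    def _complete(self, addr):
        """Finish one store; return the CPU state a program check is seen in, or None."""
        if addr in WRITABLE:
            return None
        return "supervisor" if self.supervisor else "problem"

    def drain(self):
        """Complete all buffered stores, reporting the first fault (if any)."""
        faults = [f for f in map(self._complete, self.pending) if f]
        self.pending.clear()
        return faults[0] if faults else None

    def store(self, addr):
        if self.precise:
            return self._complete(addr)
        self.pending.append(addr)   # imprecise: the check happens later
        return None

    def svc(self, barrier=False):
        # barrier is a hypothetical mitigation (not from the post): drain the
        # store buffer while still in problem state, before switching state.
        fault = self.drain() if barrier else None
        if fault is None:
            self.supervisor = True
            fault = self.drain()
        return fault


def run(precise, r1, barrier=False):
    """Model ST R2,8(,R1) followed by SVC 19 and return the outcome."""
    m = Machine(precise)
    fault = m.store(r1 + 8) or m.svc(barrier)
    if fault == "supervisor":
        return "system crash: program check in supervisor state"
    if fault == "problem":
        return "task fails: program check in problem state"  # assumed outcome
    return "OPEN proceeds"
```
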