funsec mailing list archives
Re: Hey old people
From: Valdis.Kletnieks () vt edu
Date: Wed, 21 Dec 2005 18:26:03 -0500
On Wed, 21 Dec 2005 09:48:28 PST, Blue Boar said:
Now you're talking! In fact, I have a reference to a vulnerability that sounds just like what you describe, but it doesn't name the OS or hardware. Do you know if the problem was *known* in '69? Do you have any kind of documentation that was written up at the time?
I've been looking through what old S/360 stuff I have, and I stand at least partially corrected - by the late 70's, the mod 95's documentation specifically stated that the SVC (supervisor call) instruction and several others caused pipeline drains before execution, thus preventing that exact exploit from working. On the other hand, the way the comment is written certainly smells like "rewritten to match post-ship engineering change" ;) It's something that I'm pretty sure was well understood - every model that was able to generate imprecise interrupts had at least a page of documentation on how to serialize the instruction stream. Actually finding real documentation of an actual exploit would have been almost impossible, as IBM in those days was incredibly secretive - the APAR would come out flagged as 'Integrity', and never any actual explanation. If you were lucky, it said 'data management' or 'spooling' or 'scheduler' as well. And more than once, I received 'Integrity' updates that didn't have any source code updates attached - which was really odd when the affected component shipped with source code. I always suspected that they'd flag some invasive patch that hit 219 modules as a 'pre-req', and then sneak the actual update into the pre-req's source updates....
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Hey old people, (continued)
- Re: Hey old people Valdis . Kletnieks (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Roland Dobbins (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people David Lodge (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Roland Dobbins (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Tom Van Vleck (Dec 22)
- Re: Hey old people Blue Boar (Dec 21)
- Re: Hey old people Drsolly (Dec 21)
- Re: Hey old people Valdis . Kletnieks (Dec 21)
- Re: Hey old people Valdis . Kletnieks (Dec 21)
- Re: Hey old people Tom Van Vleck (Dec 22)
- Re: Hey old people dudevanwinkle () gmail com (Dec 22)
- Re: Hey old people Blue Boar (Dec 22)
- Re: Hey old people Drsolly (Dec 22)
- Re: Hey old people Roland Dobbins (Dec 22)
- Re: Hey old people Tom Van Vleck (Dec 22)
- Re: Hey old people Roland Dobbins (Dec 21)
- Re: Hey old people Blue Boar (Dec 21)