funsec mailing list archives

Re: Hey old people


From: Valdis.Kletnieks () vt edu
Date: Wed, 21 Dec 2005 18:26:03 -0500

On Wed, 21 Dec 2005 09:48:28 PST, Blue Boar said:

> Now you're talking!  In fact, I have a reference to a vulnerability that 
> sounds just like what you describe, but it doesn't name the OS or 
> hardware.  Do you know if the problem was *known* in '69?  Do you have 
> any kind of documentation that was written up at the time?

I've been looking through what old S/360 stuff I have, and I stand at least
partially corrected - by the late 70's, the mod 95's documentation specifically
stated that the SVC (supervisor call) instruction and several others caused
pipeline drains before execution, thus preventing that exact exploit from
working.  On the other hand, the way the comment is written certainly smells
like "rewritten to match post-ship engineering change" ;)

It's something that I'm pretty sure was well understood - every model that was
able to generate imprecise interrupts had at least a page of documentation on how
to serialize the instruction stream.  Actually finding real documentation of
an actual exploit would have been almost impossible, as IBM in those days was
incredibly secretive - the APAR would come out flagged as 'Integrity', and never
any actual explanation.  If you were lucky, it said 'data management' or 'spooling'
or 'scheduler' as well.

And more than once, I received 'Integrity' updates that didn't have any source
code updates attached - which was really odd when the affected component shipped
with source code.  I always suspected that they'd flag some invasive patch that
hit 219 modules as a 'pre-req', and then sneak the actual update into the pre-req's
source updates....


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.