> On Sep 16, 2015, at 2:10 PM, Chuck Guzis <ccl...@sydex.com> wrote:
>
> This brings up something that's always baffled me.
>
> Why does a user's (or worse, the entire system's) files have to be
> immediately accessible to any application wanting to take a look.
>
> Take a legacy example, SCOPE or NOS on a CDC mainframe. ...
Just remember that those older systems may well have had any number of security
issues of their own. They did benefit a lot from "security by obscurity" as
well as the fact that they weren't connected to the Internet.
I never had any incentive to look for holes in CDC operating systems, but I
still remember a simple hole I found in OS/360, about a month after I first
wrote a program for that OS. It allowed anyone to run supervisor mode code
with a couple dozen lines of assembler source code. I found it on OS/PCP 19.6,
but I noticed in graduate school that it still worked on the university's 370
running OS/MVS 21.7.
(The magic? Use the OS service to give a symbolic name to a location in your
code, with a well chosen name, then give that name as the name of the "start
I/O appendage" in an EXCP style I/O request.)
paul
