[Info-vax] An old VMS vulnerability, was: Re: Calling standards, was: Re:
Bob Koehler
koehler at eisner.nospam.decuserve.org
Tue Nov 29 10:04:50 EST 2016
In article <o1i312$vle$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>
> One way to stop that as an attack vector is to make sure that the
> memory pages allocated to the logical name tables are marked as
> no-execute. I don't know where you stored the shellcode in your
> version, but I also hope that those memory pages are now no-execute
> in VMS as well.
No-execute is a problem, since VMS still runs on VAXen and Alphas
that don't enforce no-execute. IIRC IA64 does support it. Don't
know about x86, but I thought current generations do.
More information about the Info-vax
mailing list