[Info-vax] How dangerous is it to be able to get into DCL supervisor mode ?

David Froble davef at tsoft-inc.com
Mon Jul 3 20:34:26 EDT 2017


Bill Gunshannon wrote:
> On 7/3/2017 6:45 PM, Simon Clubley wrote:
>> On 2017-07-03, Hans Vlems <hvlems at freenet.de> wrote:
>>> If I understand you well then after crashing DCL your process is left in
>>> Supervisor mode. Without a CLI how can you exploit that privileged 
>>> position?
>>
>> You don't have a process after DCL crashes. The idea is to try and
>> corrupt DCL just enough to be able to execute your shellcode without
>> corrupting it enough to actually crash and terminate your process.
>>
>> If you manage to find a way to obtain this level of control then
>> that's the point at which a crash becomes an exploit.
>>
>> However, at the moment, the process crashes with the following final
>> status (from the accounting log):
>>
>> Final status text: %SYSTEM-F-NOHANDLER, no condition handler found
>>
> Just playing devil's advocate.....
> 
> If you can determine the condition is there any way you could install
> a handler?  That might lead to some interesting situations.
> 
> bill
> 

Ok, just speculating, the sequence might be CMKRNL then dropping to supervisor 
mode.  Now, when in kernel mode, you queue a handler, then go to supervisor 
mode.  That handler takes priority over anything you can do from supervisor 
mode, and the first thing it does is drop you to user mode.  You're done at that 
time.

It's been quite a while since I was into such things, and I haven't researched 
it.  Just depending on (increasingly poor) memory.

I'm willing to bet that something similar has been in VMS all along.
