[Info-vax] How dangerous is it to be able to get into DCL supervisor mode ?
David Froble
davef at tsoft-inc.com
Mon Jul 3 22:28:15 EDT 2017
Bill Gunshannon wrote:
> On 7/3/2017 8:34 PM, David Froble wrote:
>> Bill Gunshannon wrote:
>>> On 7/3/2017 6:45 PM, Simon Clubley wrote:
>>>> On 2017-07-03, Hans Vlems <hvlems at freenet.de> wrote:
>>>>> If I understand you well then after crashing DCL your process is left in
>>>>> Supervisor mode. Without a CLI how can you exploit that privileged
>>>>> position?
>>>>
>>>> You don't have a process after DCL crashes. The idea is to try and corrupt
>>>> DCL just enough to be able to execute your shellcode without corrupting
>>>> it enough to actually crash and terminate your process.
>>>>
>>>> If you manage to find a way to obtain this level of control then
>>>> that's the point at which a crash becomes an exploit.
>>>>
>>>> However, at the moment, the process crashes with the following final
>>>> status (from the accounting log):
>>>>
>>>> Final status text: %SYSTEM-F-NOHANDLER, no condition handler found
>>>>
>>> Just playing devil's advocate.....
>>>
>>> If you can determine the condition is there any way you could install
>>> a handler? That might lead to some interesting situations.
>>>
>>> bill
>>>
>>
>> Ok, just speculating, the sequence might be CMKRNL then dropping to
>> supervisor mode. Now, when in kernel mode, you queue a handler, then
>> go to supervisor mode. That handler takes priority over anything you
>> can do from supervisor mode, and the first thing it does is drop you
>> to user mode. You're done at that time.
>>
>> It's been quite a while since I was into such things, and I haven't
>> researched it. Just depending on (increasingly poor) memory.
>>
>> I'm willing to bet that something similar has been in VMS all along.
>
> I realize you're saying that's what handlers do, but, in this case there
> apparently is no handler. Could someone write a nasty handler and get
> it installed? I don't know VMS handlers at all so I have no idea how
> one gets put in place. Now, if it were Unix... :-)
>
> bill
>
I don't know what happened, and neither does anyone without the design and
sources. But keep in mind, you can have, in descending priority:
1) Kernel mode handler
2) Exec mode handler
3) supervisor mode handler
4) user mode handler
Just as an example. Now, what caused the error message, I don't know. Maybe no
supervisor mode handler?
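The two points this message and the one it answers turn on, the descending-privilege order in which per-mode handlers are tried and the question of who can install one, as a simplified C model. This is an added example, not OpenVMS code and not the poster's; it runs on any C compiler. The dispatch order is the one David lists (an assumption about the model, not a claim about the real VMS dispatcher, which also walks stack-frame handlers and per-mode primary, secondary and last-chance exception vectors). The install rule is the one SYS$SETEXV documents for its ACMODE argument: the requested mode is maximized with the caller's mode, so a user-mode caller cannot plant a supervisor- or kernel-mode handler. The struct and function names, the handlers and the condition code 0x0C are constructed for the illustration.

```c
/* Simplified model of per-access-mode condition handlers (added example,
 * not OpenVMS code).  Modelled rules:
 *   1. Dispatch tries handlers in the order the message lists: kernel,
 *      exec, supervisor, user (assumption: the poster's ordering only).
 *   2. Install maximizes the requested mode with the caller's mode, as
 *      SYS$SETEXV does with ACMODE: nobody gets a slot more privileged
 *      than the mode they are running in.
 * Names, handlers and the condition code are constructed for illustration. */
#include <stdio.h>
#include <stddef.h>

/* Access modes; a larger number is less privileged, as in the VMS PSL. */
enum mode { KERNEL = 0, EXEC = 1, SUPER = 2, USER = 3, NMODES = 4 };

/* What a handler returns: claim the condition or pass it on. */
enum hstatus { ST_RESIGNAL = 0, ST_CONTINUE = 1 };
enum disp_result { DISP_NOHANDLER = 0, DISP_HANDLED = 1 };

typedef int (*handler_fn)(int condition, void *ctx);

struct vector { handler_fn fn; void *ctx; };

struct process {
    enum mode cur_mode;          /* mode the process is executing in */
    struct vector vec[NMODES];   /* one handler slot per access mode */
};

static void process_init(struct process *p, enum mode m)
{
    p->cur_mode = m;
    for (int i = 0; i < NMODES; i++) { p->vec[i].fn = NULL; p->vec[i].ctx = NULL; }
}

/* Install a handler.  The requested mode is maximized with the caller's
 * current mode, so the slot used is never more privileged than the caller.
 * Returns the slot actually used. */
static enum mode install_handler(struct process *p, enum mode requested,
                                 handler_fn fn, void *ctx)
{
    enum mode eff = requested > p->cur_mode ? requested : p->cur_mode;
    p->vec[eff].fn = fn;
    p->vec[eff].ctx = ctx;
    return eff;
}

/* Dispatch a condition: try each mode's handler from kernel down to user.
 * The first handler returning ST_CONTINUE wins; if none does, report
 * NOHANDLER, the final status quoted from the accounting log above. */
static enum disp_result dispatch(struct process *p, int condition, enum mode *which)
{
    for (int m = KERNEL; m < NMODES; m++) {
        if (p->vec[m].fn && p->vec[m].fn(condition, p->vec[m].ctx) == ST_CONTINUE) {
            if (which) *which = (enum mode)m;
            return DISP_HANDLED;
        }
    }
    if (which) *which = NMODES;
    return DISP_NOHANDLER;
}

/* The kernel-mode handler from the message: force the process back to
 * user mode and declare the condition handled. */
static int drop_to_user(int condition, void *ctx)
{
    (void)condition;
    ((struct process *)ctx)->cur_mode = USER;
    return ST_CONTINUE;
}

/* A supervisor-mode handler an attacker would like to see run; counts calls. */
static int attacker_handler(int condition, void *ctx)
{
    (void)condition;
    (*(int *)ctx)++;
    return ST_CONTINUE;
}

/* Scenario 1: a user-mode process asks for a supervisor-mode slot.
 * Returns the slot it actually got (USER, because of the maximize rule). */
enum mode scenario_user_requests_supervisor(void)
{
    struct process p;
    int calls = 0;
    process_init(&p, USER);
    return install_handler(&p, SUPER, attacker_handler, &calls);
}

/* Scenario 2: the CMKRNL sequence from the message.  Enter kernel mode,
 * queue a kernel-mode handler, return to supervisor mode where an attacker
 * handler also sits, then raise a condition.  Returns the mode whose handler
 * ran; *final_mode and *attacker_calls report the outcome. */
enum mode scenario_kernel_handler_wins(enum mode *final_mode, int *attacker_calls)
{
    struct process p;
    enum mode which = NMODES;
    *attacker_calls = 0;
    process_init(&p, KERNEL);                        /* after $CMKRNL */
    install_handler(&p, KERNEL, drop_to_user, &p);
    p.cur_mode = SUPER;                              /* back in supervisor mode */
    install_handler(&p, SUPER, attacker_handler, attacker_calls);
    dispatch(&p, 0x0C, &which);                      /* constructed condition code */
    *final_mode = p.cur_mode;
    return which;
}

/* Scenario 3: no handler installed in any mode. */
enum disp_result scenario_no_handler(void)
{
    struct process p;
    process_init(&p, SUPER);
    return dispatch(&p, 0x0C, NULL);
}

int main(void)
{
    enum mode final_mode, ran;
    int calls;
    printf("user asked for slot %d, got slot %d\n", SUPER, scenario_user_requests_supervisor());
    ran = scenario_kernel_handler_wins(&final_mode, &calls);
    printf("handled in mode %d, process now in mode %d, attacker handler ran %d times\n",
           ran, final_mode, calls);
    printf("nothing installed: %s\n",
           scenario_no_handler() == DISP_NOHANDLER ? "NOHANDLER" : "handled");
    return 0;
}
```

The second scenario is the sequence David sketches: the kernel-mode slot is consulted first, so the supervisor-mode handler never runs and the process ends up back in user mode; the first scenario is why an attacker who only has user mode cannot reverse that by installing a more privileged handler of their own.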