[Info-vax] How dangerous is it to be able to get into DCL supervisor mode ?
VAXman- at SendSpamHere.ORG
Tue Jul 4 09:56:16 EDT 2017
In article <ojenjf$iad$1 at dont-email.me>, David Froble <davef at tsoft-inc.com> writes:
>Bill Gunshannon wrote:
>> On 7/3/2017 6:45 PM, Simon Clubley wrote:
>>> On 2017-07-03, Hans Vlems <hvlems at freenet.de> wrote:
>>>> If I understand you well then after crashing DCL your process is left in
>>>> Supervisor mode. Without a CLI how can you exploit that privileged
>>>> position?
>>>
>>> You don't have a process after DCL crashes. The idea is to try and corrupt
>>> DCL just enough to be able to execute your shellcode without corrupting
>>> it enough to actually crash and terminate your process.
>>>
>>> If you manage to find a way to obtain this level of control then
>>> that's the point at which a crash becomes an exploit.
>>>
>>> However, at the moment, the process crashes with the following final
>>> status (from the accounting log):
>>>
>>> Final status text: %SYSTEM-F-NOHANDLER, no condition handler found
>>>
>> Just playing devil's advocate.....
>>
>> If you can determine the condition is there any way you could install
>> a handler? That might lead to some interesting situations.
>>
>> bill
>>
>
>Ok, just speculating, the sequence might be CMKRNL then dropping to supervisor
>mode. Now, when in kernel mode, you queue a handler, then go to supervisor
>mode. That handler takes priority over anything you can do from supervisor
>mode, and the first thing it does is drop you to user mode. You're done at that
>time.
Right, but you've got to get there first! ;)
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.