[Info-vax] A DCL wish list of sorts...

[Stephen Hoffman]

On 2019-03-22 20:54:59 +0000, pcanagnostopoulos at gmail.com said:

> On Friday, March 22, 2019 at 3:11:55 PM UTC-4, Simon Clubley wrote:
>> The shellcode is not loaded into the DCL command table itself but into 
>> CTL$A_COMMON. On VAX and Alpha, CTL$A_COMMON is both user writable and 
>> executable. The overwritten return address points to within 
>> CTL$A_COMMON so DCL transfers control to this code....
> 
> This is just way too much fun.

The common region remains writable and executable, too; a fixed-address 
block of writeable memory available for exploit code.



-- 
Pure Personal Opinion | HoffmanLabs LLC