[Info-vax] Assembly languages

VAXman- at SendSpamHere.ORG
Tue Apr 12 12:17:07 EDT 2022


In article <t33r9h$pr$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>On 2022-04-11, VAXman-  @SendSpamHere.ORG <VAXman- at SendSpamHere.ORG> wrote:
>> In article <t31ose$pr0$1 at dont-email.me>, Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>>>
>>>Ok, Brian, you win. I'll be pedantic if you wish. :-)
>>>
>>>Once you have code you control running in one of the hardware inner modes,
>>>you can get to the others without any additional privileges required on
>>>the part of the account doing it.
>>
>> NOT TRUE.  Stop confusing $CMKRNL from EXEC mode with all others.  You can
>> NOT get to EXEC from SUPERVISOR mode.  Granted, you found an exploit with an
>> installed image but that was corrected.  There's no $CMEXEC jump from
>> SUPERVISOR mode without privileges vis-a-vis $CMKRNL from EXEC mode.
>>
>
>You are contradicting yourself with the above statements Brian.
>First you say it's not possible, then you say it's possible if the
>supervisor mode code has access to the privileges of the current image.

IT IS NOT THAT SUPERVISOR MODE GRANTED YOU ANY SPECIAL MOVEMENT TO AN INNER
MODE!  You used an image installed with privileges.  The gang that found the
SMG$ bug employed an image installed with privileges FROM USER MODE.  Bugs
occur in software, save, of course, yours -- assuming you can write software
or do you just spend your day littering c.o.v? -- because you are perfect in
every way and no one can question your assertions and aspersions.



>As you have been told multiple times Brian, the only fix was to fix
>the buffer overflow that allowed me to get code running within the
>context of DCL itself. There was nothing fixed to reduce what you can
>do once you are in supervisor mode.

You refuse to see reality.  SUPERVISOR mode did NOT grant you access to an
inner mode.  My DCL Debugger runs in SUPERVISOR mode.  Oh, how I'd wished
that your rose-colored world existed but it does not.  I had to go out of
my way to get to inner mode from SUPERVISOR mode to perform certain things
in NON-PRIVILEGED processes debugging DCL.  



>If someone finds another way back into supervisor mode, then supervisor
>mode is still as dangerous as it always was.

Find a way into SUPERVISOR mode?  It's simple.



>For anyone else wondering why supervisor mode is so dangerous, it's
>because code running in supervisor mode has access to the privileges
>of the current image.

So does USER MODE. ;)  



>You are really only limited by your knowledge and imagination with what
>you can do with that. There are two ways I know of to make use of that:
>
>1) The CTRL-Y attack which was part of my exploit.
>
>2) You can activate a privileged image from supervisor mode and then
>use its privileges. You don't have to take my word for this one as
>the image activation sequence is very well documented in the Alpha I&DS
>manual.
>
>If you read the image activation checklist in the Alpha I&DS, you will see
>that the image activator enables the image's privileges in the current
>process and _then_ returns control back to DCL with those elevated
>privileges in place.
>
>So yes, if you have code that you control running in supervisor mode,
>then you can still use it to get into executive or kernel mode.

OK.  Write some SUPERVISOR mode code but don't invoke $IMGACT/$IMGFIX to
activate a privileged installed image.  Please tell me how you get into
any inner modes?  Really, if your way is better than mine, I might redo
my DCL Debugger where it needs inner mode.  Betcha can't!

Actually, I don't expect you to do the above as I've requested it many
times in the past and you OBVIOUSLY can't do it.  Just keep that tirade
against VMS going though.  Oh, if only CJL were still with us.

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

I speak to machines with the voice of humanity.
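A concrete form of the check Brian keeps asking for, added here as an example and not code from either poster: a MACRO-32 image that calls $CMKRNL and hands the result straight back to DCL. The image name MODE_PROBE, the build commands and the witness variable are assumptions of this example; the only behaviour it relies on is the documented gate in the service itself, which refuses a caller that is not already in an inner mode and lacks the CMKRNL privilege with SS$_NOPRIV. Supervisor-mode code that has not activated a privileged image faces the same check, which is the point under dispute; $CMEXEC gates on CMEXEC in the same way.

```macro
        .TITLE  MODE_PROBE - does $CMKRNL admit this process to kernel mode?
        .IDENT  /V1.0/
;
; Added example, not code from either poster.  Build and run from DCL
; (file name and commands are assumptions of the example):
;
;   $ MACRO MODE_PROBE
;   $ LINK MODE_PROBE
;   $ RUN MODE_PROBE
;
; From a process without CMKRNL privilege the run ends with
; %SYSTEM-F-NOPRIV and KRNL_ROUTINE never executes.  With the privilege
; enabled (SET PROCESS/PRIVILEGE=CMKRNL, which itself needs SETPRV or an
; authorized CMKRNL) the image exits quietly with SS$_NORMAL.
;
        $SSDEF                          ; SS$_ status symbols from STARLET

        .PSECT  DATA, WRT, NOEXE, LONG
RAN_IN_KERNEL:
        .LONG   0                       ; becomes 1 only if KRNL_ROUTINE ran
ARGLST: .LONG   0                       ; empty argument list: count = 0

        .PSECT  CODE, EXE, NOWRT, LONG
;
; Target of $CMKRNL.  The service CALLGs it on ARGLST in kernel mode, and
; whatever it leaves in R0 is what $CMKRNL returns to the caller.
;
        .ENTRY  KRNL_ROUTINE, ^M<>
        MOVL    #1, RAN_IN_KERNEL       ; witness that kernel mode was reached
        MOVL    #SS$_NORMAL, R0
        RET

        .ENTRY  START, ^M<>
        $CMKRNL_S ROUTIN=KRNL_ROUTINE, ARGLST=ARGLST
        ; R0 is SS$_NOPRIV from the service when its privilege check fails
        ; (KRNL_ROUTINE is never entered), or whatever KRNL_ROUTINE returned
        ; when it did run.  Exit with it so DCL reports the outcome.
        $EXIT_S CODE=R0                 ; prints %SYSTEM-F-NOPRIV on failure
        .END    START
```

RAN_IN_KERNEL is there for anyone who wants to confirm the distinction under the debugger (RUN/DEBUG and EXAMINE it after the call): on the failing path it stays 0, because the service rejects the caller before the routine is ever entered, not after. The privilege consulted is the process's current privilege mask, which is exactly why an installed image that turns privileges on and then returns to DCL changes the answer.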


