[Info-vax] Whither VMS?
glen herrmannsfeldt
gah at ugcs.caltech.edu
Thu Oct 1 14:41:17 EDT 2009
John Wallace <johnwallace4 at yahoo.co.uk> wrote:
(big snip)
> In addition to the above (thank you for saving me pointing out that
> the right answer late is sometimes unacceptable ie wrong), there seems
> to be a class of security exploit which involves building a string
> with an embedded null followed by data which isn't ignored because the
> string length processing is different depending on who's doing it.
> E.g. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
>
> .ASCIZ was OK for MACRO11 and similar static strings, but for dynamic
> stuff, descriptors and support routines are hard to beat.
So was DEC the originator of null terminated strings?
-- glen
More information about the Info-vax
mailing list