[Info-vax] Whither VMS?
Jordi Guillaumes i Pons
send.me at no.spam
Fri Oct 2 12:20:22 EDT 2009
En/na Bob Eager ha escrit:
>>interesting, since in architectures like x86 that can overwrite the
>>stack frame
>
>
> As you can in the VAX...
Specially if you program in C and "think" in C. If you follow the rules
(VAX Calling and Conditio Handling IIRC) you should use descriptors to
pass strings. And your routine _should_ check if the lenght of the
string passed as parameter fits in your buffer.
C is a good language for systems programming. I've always thought of it
as an assembly language on steroids. For a systems programmer pointers
are part of his daily life. But those things have no place in a payroll
program. And, for the sake of the security, neither in a web server.
>>Of course, that could'nt happen in a VAX. All you would get is a ACCVIO,
>>since VAX has a exec bit for each page, and the stack should not be exec
>>utable. But on the x86 they have that kind of protection only recently.
>
>
> The exec bit won't save the stack frame. It'll stop part of the stack
> being executed as code, and it'll stop a corrupted return link diving
> into non-code, but it won't stop a corrupted return link diving into a
> different bit of code.
Yep, but if the stack itself is not executable the bad guy will have
more difficulties to do nasty things. First of all, he (or she) will not
be able of putting a snippet of code in the stack. Yes, he could
redirect the program to do nasty things... but not WHATEVER nasty thing.
Oh, by the way, I don't have if this has REALLY happened. Do you nou
about any succesful attack against a VAX running VMS using a
buffer/stack overflow?
More information about the Info-vax
mailing list