Re: Whither VMS?

From: Jordi Guillaumes i Pons <send.me@xxxxxxx>
Date: Fri, 02 Oct 2009 18:20:22 +0200

En/na Bob Eager ha escrit:

interesting, since in architectures like x86 that can overwrite the
stack frame

As you can in the VAX...

Specially if you program in C and "think" in C. If you follow the rules (VAX Calling and Conditio Handling IIRC) you should use descriptors to pass strings. And your routine _should_ check if the lenght of the string passed as parameter fits in your buffer.

C is a good language for systems programming. I've always thought of it as an assembly language on steroids. For a systems programmer pointers are part of his daily life. But those things have no place in a payroll program. And, for the sake of the security, neither in a web server.

Of course, that could'nt happen in a VAX. All you would get is a ACCVIO,
since VAX has a exec bit for each page, and the stack should not be exec
utable. But on the x86 they have that kind of protection only recently.

The exec bit won't save the stack frame. It'll stop part of the stack being executed as code, and it'll stop a corrupted return link diving into non-code, but it won't stop a corrupted return link diving into a different bit of code.

Yep, but if the stack itself is not executable the bad guy will have more difficulties to do nasty things. First of all, he (or she) will not be able of putting a snippet of code in the stack. Yes, he could redirect the program to do nasty things... but not WHATEVER nasty thing.

Oh, by the way, I don't have if this has REALLY happened. Do you nou about any succesful attack against a VAX running VMS using a buffer/stack overflow?

.

Follow-Ups:
- Re: Whither VMS?
  - From: Michael Kraemer
- Re: Whither VMS?
  - From: Bob Koehler

References:
- Re: Whither VMS?
  - From: Bob Eager
- Re: Whither VMS?
  - From: Bob Koehler
- Re: Whither VMS?
  - From: Bob Eager
- Re: Whither VMS?
  - From: glen herrmannsfeldt
- Re: Whither VMS?
  - From: Michael Kraemer
- Re: Whither VMS?
  - From: Jordi Guillaumes i Pons
- Re: Whither VMS?
  - From: Bob Eager

Prev by Date: Re: Whither VMS?
Next by Date: Re: MMK v. me, old and new problems.
Previous by thread: Re: Whither VMS?
Next by thread: Re: Whither VMS?
Index(es):
- Date
- Thread

Relevant Pages

Re: Wanted: Alisashare / Alisatalk for VMS / VAX
... VAX or Alpha? ... Digital Licensed the AlisaShare code from Alisa systems. ... We also licensed the Macintosh DECnet stack from Thursby Systems ... so the next release was PATHWORKS. ...
(comp.os.vms)
Re: VMS in the medical field
... In the case of VAX, is the memory used to ... store the stack embedded into the CPU chip and fixed in size? ... VAX and Alpha both have stacks. ...
(comp.os.vms)
Re: Poulson 6 times more powerful than Tukwilla?
... the routines would handle that case. ... it was the calling program that pushed the arguments onto the stack in the ... The details of Alpha architecture argument passing mechanisms do differ from those of VAX. ...
(comp.os.vms)
Re: Threaded application crashes on a VAX, but not on an Alpha
... >> The application also crashes when run in the debugger on the VAX. ... > Threads assume a small stack per thread. ... > reference copy of the the pthread header file to see the minimum size ... The stack size on the Alpha is 16200 bytes. ...
(comp.os.vms)
Re: substring finding problem!
... recursive function tends to make me worry about blowing the stack. ... could hey presto realloc strings "under the covers". ... the storage complexity is real if hidden. ...
(comp.lang.c)