RE: iSeries buffer overflow immunity? -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

> -----Original Message-----
> From: Rich Duzenbury [mailto:rduz-midrange@xxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, November 03, 2004 8:54 PM
> To: Midrange Systems Technical Discussion
> Subject: Re: iSeries buffer overflow immunity?
> 
> 
> 
> Hmm.  I'd like to explore this point a bit further.  'variables ...
> wrong'  Or set to values of my will and pleasure?  Imagine I have a
> service where an unprotected buffer is immediately (or even just
> somewhat closely) followed in storage by a 'privileged user' flag. 
> Overflow the buffer and set the privileged user flag!  If 
> done properly,
> attacker has some type of unauthorized access to the system.  No,
> probably not a command line, but perhaps enough to get into the admin
> area of your application.
> 

Nope, can't happen like that.  Perhaps someone else can provide the
technical details off the top of their head.

However, if you're really interested in this type of info.  May I suggest
picking up a copy of "Fortress Rochester : The Inside Story of the IBM
Iseries" by Dr. Frank G. Soltis.   It goes into considerable technical
detail about the iSeries hardware and OS/400.


HTH,
Charles

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.