× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2004

RE: iSeries buffer overflow immunity?

Beside which, I'll we are talking about here is breaking your home-grown
application security.

Which IMHO, just makes for a better case to make use of OS/400's built-in
security instead of a home-grown model.



Charles Wilt
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121
 

> -----Original Message-----
> From: Chris Bipes [mailto:chris.bipes@xxxxxxxxxxxxxxx]
> Sent: Monday, November 08, 2004 4:29 PM
> To: 'Midrange Systems Technical Discussion'
> Subject: RE: iSeries buffer overflow immunity?
> 
> 
> Agreed,  one can clone your customer socket server by looking at the
> traffic.  But can they reverse engineer you actual program?  See your
> variable layout to find that flag that would allow them to 
> change their
> authority and run system commands?  I could be totally blind 
> about this but
> unless you have the program object, how can you reverse 
> engineer the actual
> code to get the pointers to data and procedures.
> 
> Chris Bipes
> 
> -----Original Message-----
> 
> Don't necessarily assume since your custom socket server 
> isn't "standard"
> that it can't be hacked. My understanding is the Samba group reverse
> engineered Microsoft's SMB protocol when developing Samba. 
> Then again, they
> had hundreds (thousands?) of samples of SMB traffic to work with...
> --
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.