This reminds me of that famous Pogo-ism: "We have met the enemy and they are us."

Ross Patterson <Ross.Patterson@Cox.Net>
Sent by: Linux on 390 Port <[EMAIL PROTECTED] ARIST.EDU>
10/30/02 07:35 PM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
Subject: Re: Probably the first published shell code example for Linux/390

At 11:08 10/30/2002 -0500, Post, Mark K wrote:
>And the key point here is that "getting in" simply requires modifying known
>exploits against vulnerable software with an S/390-specific payload.

But it didn't have to be this way. If Linas Vepstas et al. had been able to finish the "Bigfoot" i370 port or if his attempts to influence the IBM s390 port had been successful, we wouldn't have this problem. Linas' port of GCC for "Bigfoot" had the stack growing *upward*, not *downward* as on almost every other platform.

Almost half of the CERT vulnerabilities since 1 Jan 2000 are due to buffer overruns (even more if you assume "multiple vulnerabilities" includes some). And most of these buffer overruns are actually stack overruns, allowing the creative cracker to change things like where the current subroutine will return to (in particular, to code that does "evil" things like the phrack shellcode example). It's kind of hard to overwrite your caller's stack frame when it's at a lower address than yours.

Linas explained it nicely almost two years ago right here: http://www.marist.edu:8000/htbin/wlvtype?LINUX-VM.1315.

Ross Patterson
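
The layout argument in the message above, as an added example that is not part of the original thread: a C model of two stack frames that reports which saved return addresses a linear overrun reaches under each growth direction. The frame layout, sizes and all names are assumptions made for the model, which also covers the case where the overrun buffer belongs to the caller while a called routine fills it.

```c
#include <stdio.h>
#include <string.h>

#define MEM 64          /* size of the modelled stack region (assumed) */
#define BUF 8           /* local buffer size in each frame (assumed) */
#define RET 4           /* saved return address size (assumed) */
#define HIT_CALLEE 1    /* callee's saved return address was overwritten */
#define HIT_CALLER 2    /* caller's saved return address was overwritten */

enum growth { DOWNWARD, UPWARD };
enum frame  { CALLER, CALLEE };
struct layout { int buf, ret; };            /* offsets into the region */

static struct layout place(enum growth g, enum frame f) {
    struct layout l;
    int depth = (f == CALLER) ? 0 : 1;      /* the caller is pushed first */
    if (g == DOWNWARD) {                    /* frames descend, ret above buf */
        int base = MEM - (depth + 1) * (BUF + RET);
        l.buf = base; l.ret = base + BUF;
    } else {                                /* frames ascend, ret below buf */
        int base = depth * (BUF + RET);
        l.ret = base; l.buf = base + RET;
    }
    return l;
}

/* Write n bytes upward from the victim frame's buffer, as an unchecked copy
   would, and return a bitmask of the saved return addresses that changed. */
int overrun(enum growth g, enum frame victim, int n) {
    unsigned char mem[MEM], clean[MEM];
    struct layout a = place(g, CALLER), b = place(g, CALLEE);
    struct layout v = (victim == CALLER) ? a : b;
    int hits = 0;
    memset(mem, 0, MEM);
    memset(mem + a.ret, 0xAA, RET);         /* marker: caller's return slot */
    memset(mem + b.ret, 0xBB, RET);         /* marker: callee's return slot */
    memcpy(clean, mem, MEM);
    if (n > MEM - v.buf) n = MEM - v.buf;   /* keep the model in bounds */
    memset(mem + v.buf, 0x41, n);
    if (memcmp(mem + b.ret, clean + b.ret, RET)) hits |= HIT_CALLEE;
    if (memcmp(mem + a.ret, clean + a.ret, RET)) hits |= HIT_CALLER;
    return hits;
}

int main(void) {
    printf("down, callee buffer, 24 bytes: %d\n", overrun(DOWNWARD, CALLEE, 24));
    printf("up,   callee buffer, 24 bytes: %d\n", overrun(UPWARD, CALLEE, 24));
    printf("up,   caller buffer, 12 bytes: %d\n", overrun(UPWARD, CALLER, 12));
    return 0;
}
```

In this model an upward-growing stack keeps the caller's return address out of reach of the callee's own buffer, but a caller's buffer overrun while a called routine is active still reaches that routine's saved return address.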