This reminds me of that famous Pogo-ism:

    "We have met the enemy and they are us."

From: Ross Patterson <Ross.Patterson@Cox.Net>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]ARIST.EDU>
To: [EMAIL PROTECTED]
Subject: Re: Probably the first published shell code example for Linux/390
Date: 10/30/02 07:35 PM
Please respond to Linux on 390 Port

At 11:08 10/30/2002 -0500, Post, Mark K wrote:
>And the key point here is that "getting in" simply requires modifying known
>exploits against vulnerable software with an S/390-specific payload.

But it didn't have to be this way.  If Linas Vepstas et al. had been able
to finish the "Bigfoot" i370 port or if his attempts to influence the IBM
s390 port had been successful, we wouldn't have this problem.  Linas' port
of GCC for "Bigfoot" had the stack growing *upward*, not *downward* as on
almost every other platform.  Almost half of the CERT vulnerabilities since
1 Jan 2000 are due to buffer overruns (even more if you assume "multiple
vulnerabilities" includes some).  And most of these buffer overruns are
actually stack overruns, allowing the creative cracker to change things
like where the current subroutine will return to (in particular, to code
that does "evil" things like the phrack shellcode example).  It's kind of
hard to overwrite your caller's stack frame when it's at a lower address
than yours.

Linas explained it nicely almost two years ago right here:
http://www.marist.edu:8000/htbin/wlvtype?LINUX-VM.1315.

Ross Patterson
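As an added illustration of Ross's point about stack direction (this code is not from the thread, and the function names are my own): a small C program that compares the address of a callee's local buffer with the address of a local in its caller. It overruns nothing; it only reports which way a sequential overrun of that buffer would travel.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Address of a local variable in the caller, published before the call so
 * the callee can compare its own frame against the caller's. */
static volatile uintptr_t caller_local_addr;

/* Callee holding the kind of fixed-size buffer that gets overrun in practice.
 * A sequential overrun writes upward from buf[0] toward higher addresses, so
 * it can only reach the caller's frame (saved frame pointer, return address,
 * caller's locals) if that frame sits ABOVE buf. */
__attribute__((noinline)) static bool overrun_reaches_caller(void)
{
    volatile char buf[16];
    buf[0] = 0;                          /* keep buf materialised on the stack */
    uintptr_t mine = (uintptr_t)&buf[0];
    return caller_local_addr > mine;     /* caller above us => overrun heads for it */
}

/* Caller: records where one of its own locals lives, then asks the callee
 * which way an overrun would go. Returns true on a downward-growing stack
 * (x86, ARM, s390), where the caller's frame lies above the callee's buffer;
 * false on an upward-growing stack such as the "Bigfoot" i370 GCC layout,
 * where the caller's frame lies below and an overrun walks away from it. */
__attribute__((noinline)) bool stack_grows_down(void)
{
    volatile int marker = 0;
    caller_local_addr = (uintptr_t)&marker;
    return overrun_reaches_caller();
}

int main(void)
{
    bool down = stack_grows_down();
    printf("stack grows %s: an overrun of a callee's buffer heads %s the "
           "caller's frame\n",
           down ? "downward" : "upward",
           down ? "toward" : "away from");
    return 0;
}
```

On every mainstream Linux target today this prints "downward", which is exactly the layout that lets a stack overrun rewrite the return address.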
