> And what about dumps? Operating systems have magic tricks up their sleeves.
> One motivation was to protect intellectual property Risking topic drift there but a major motivation is security. When you read about various vulnerabilities, what is the phase you see again and again? Buffer overrun. Now don't get me started on the sloppy programming that that reveals, and yes, you could overrun a buffer and override a switch or other data value, but Data Execution Prevention makes sure at least that you do not overrun a buffer and then manage to cause a branch to your malicious code. https://en.wikipedia.org/wiki/Executable_space_protection Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Friday, August 19, 2016 11:35 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: How Does One Make a Module NOEXECute? On Fri, 19 Aug 2016 09:40:38 -0400, Steve Thompson wrote: >I am working on a problem where I have a loadable table. So far I have >specified NOREUS, OL (Load Only). > >In my hazy memory going back into the '70s, I thought there was a way >to mark a module NX (not executable) without having to specify an >unresolvable reference while not using LET. > >What I am trying to do is prevent some HLL from being used to call this >table (because they finger checked on the module name) and passing >control to it. > If you LOAD it you get an address. If you have an address you can branch to it. Some hardware, not z AFAIK, has segment protection that can mark an area readable but not executable or executable but not readable. But then, what about literals? And what about dumps? One motivation was to protect intellectual property by prohibiting copying. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
