On Thursday, 07/20/2006 at 12:40 EST, Alan Ackerman <[EMAIL PROTECTED]> wrote:
> To the extent that large parts of the VM TCP/IP stack are written in C, the
> exposure exists. I'm sure that IBM is well aware of this, and I hope they
> have found and plugged all such holes, but there can be no guarantee.

None of the TCP/IP stack itself is written in C, though a few of the applications are. Most of the TCP/IP suite [that people actually use] is written in Pascal, where, like PL/I, strings are VARYING and the runtime library checks for lengths.

And it isn't really about the *existence* of bugs, but their effects. An overlay in the VM application will compromise neither CP nor the stack nor the other applications. And if you do manage to hijack an application, you will have only the privileges of that virtual machine. And the sufficiently paranoid will play with privilege classes to give just enough authority for the app to do its job and no other.

> Personally, I've only seen two security exposures in VM. Neither was due to a
> buffer overflow. That's an awfully small sample, though.

Some statistics:

- In VM/XA there were 8 security problems found. The earliest was in 1988.
- In VM/ESA and z/VM *combined*, there have been only 9 problems, with the vast majority found more than a decade ago. Two of those were the same as in VM/XA (same code base). So, 7 unique problems.
- In VM TCP/IP, there have been 14 problems since 1995 and except for one or two, they've all been application server fixes. And many of them don't really deserve (IMO) the "security/integrity" classification.

Bottom line: 29 problems in 19 YEARS. I'm extremely proud of the VM team's accomplishments in this area - it's nothing short of astonishing.

Oh, and while it's tempting to average that number out to 1.5 problems per year, don't. The front end of the CP and TCP/IP trains is where most of the APARs are found. Excluding the TCP/IP suite gives you a more accurate picture of CP's robustness: only 15 problems.

Alan Altmark
z/VM Development
IBM Endicott
