On Mon, 2002-09-09 at 18:48, Phil Payne wrote:
> A friend of mine collected 'exploits', as we would now refer to them. He had 37
> OS/360 ones, ranging from the simple SVC 12 (SYNCH) to create an RB and clobber
> the PSW to something really complex involving an ISAM exit routine. He ticked
> off IBM's closure of all of them as time went on.
There are three things that matter beyond this:

1. Did every admin apply the fix promptly? This is the biggest single problem in
   generic computing space. Most major attacks relied on months or years old
   holes.

2. Do IBM also continually have people auditing that code? Not when someone says
   "Hey there is a hole in the print spooler" but every day of the week. Linux
   does (and at times they drive me nuts 8)), Microsoft now does, OpenBSD
   famously does.

3. The fundamental security model of the code. That means security has to be
   understandable in the codebase. It means the default behaviour if you screw up
   kernel code has to be an abort or return in unprivileged state. It means
   kernel execution clock times should be opaque to the user or never matter
   (lesson here - people broke password protected file handling on about 8
   different OSes by cycle timing. Knowing the number of cycles executed, you
   knew the number of bytes you guessed...). The mainframe gets a big chunk of
   this one right - you can run your web server and finance database very
   separated because of the way VM virtualization works. So providing you got VM
   right you have fewer other places to worry about.
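The cycle-timing failure mode in point 3, as an added example that is not code from this thread: an early-exit byte compare whose work count (standing in for the cycle count an observer sees) tracks how many leading bytes of the guess were right, beside a constant-time compare whose work is the same for every guess. The secret and guesses are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Work counters stand in for observable execution time. */
static size_t leaky_work;
static size_t ct_work;

/* Early-exit comparison: stops at the first mismatch, so the work done
 * (and therefore the cycle count) reveals the length of the correct prefix. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    leaky_work = 0;
    for (size_t i = 0; i < n; i++) {
        leaky_work++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: touches every byte and never branches on the
 * data, so the work done does not depend on where the guess diverges. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t diff = 0;
    ct_work = 0;
    for (size_t i = 0; i < n; i++) {
        ct_work++;
        diff |= secret[i] ^ guess[i];
    }
    /* Only the aggregate is tested, after all bytes have been visited. */
    return diff == 0;
}

/* Helpers exposing the work counts so they can be checked by a caller. */
size_t leaky_work_for(const uint8_t *s, const uint8_t *g, size_t n)
{
    leaky_compare(s, g, n);
    return leaky_work;
}

size_t ct_work_for(const uint8_t *s, const uint8_t *g, size_t n)
{
    ct_compare(s, g, n);
    return ct_work;
}

int main(void)
{
    const uint8_t *secret = (const uint8_t *)"secret01";   /* constructed */
    const char *guesses[] = { "zzzzzzzz", "sezzzzzz", "secrezzz", "secret01" };
    for (size_t i = 0; i < 4; i++) {
        const uint8_t *g = (const uint8_t *)guesses[i];
        printf("%s leaky work=%zu ct work=%zu\n", guesses[i],
               leaky_work_for(secret, g, 8), ct_work_for(secret, g, 8));
    }
    return 0;
}
```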
