Unfortunately, a recent issue of Phrack had a detailed article about converting x86 exploit code to the s/390.
obscurity != security. It may take a little more effort for someone to run the exploit on s/390, but the payoff of playing with big iron sure makes it tempting!

-m

> Think about what a virus, trojan or worm writer needs to develop his/her
> code. They all have a stock standard x86 PC.
> Do they have a S/390 or zSeries? (Ignoring Hercules for the moment.)
>
> Look at Code Red (I & II) and Nimda [1]. They inserted x86 code into MS
> IIS on an intel machine. Look at Bugbear - it's delivering MS specific
> code (exploiting an old Outlook exploit again). Most (is it as much or
> more than 95%) of infectious code is for MS WinXX on intel.
> Looking at recent Linux exploits; even the Apache SSL V1 Slapper probably
> wouldn't do anything more than take a segmentation fault on a S/390 or
> zSeries penguin (it was taking a segfault on my x86 SuSE Linux system
> before I patched it). The same goes for PowerPC and other non-intel
> architectures. I think we also get some protection since Linux for
> zSeries is big-endian.
>
> So while security patches should be applied when available, I'm not sure,
> IMHO, that there is the same degree of urgency to apply them.
>
> Hercules does pose a risk, it gives the determined cracker an emulated
> platform to develop code that can exploit our platform. It runs on his
> stock standard x86 PC. Are they going to bother with Herc, when writing
> code to exploit x86 is so much easier? What are their motives? What do
> they get from writing this malicious code? Is this just the script kiddies
> with too much spare time?
>
> So the answer isn't "no" it is "less vulnerable".
>
> > If yes!
> > Why there are security fixes for Debian 3.0 for S/390?
> >
> > If not!
> > Is RH72 for S/390 insecurer than RH72 for x86?
> >
>
> It's all about assessing the risk vs the cost. You can probably take the
> NOARCH srpms and build from source if you're very paranoid or are running
> a very sensitive application. I agree with Mark Post's reply "If you've
> bought support, ask RedHat".
>
> Regards, Dougie Lawson
>
> --
> ITS Technical Support
> SupportLine for IMS, DB2 & Linux
>
> [1] http://www.icir.org/vern/talks/vp-0wn-UCB.pdf
