Greetings;
They key phrase here is "(if they get in)".
The article itself isn't even up to the "Assembler For Dummies"
level and doesn't reveal any great secrets about getting into
the system.
This is just the latest in a long string of writings by someone
who doesn't know much about S/390 systems for others who don't
know anything about S/390 systems. All it does is increase the
authors prestige among his peers and spread FUD amongst the
uninformed.
Now, if the article detailed an exploit of a buffer overrun
in Apache or Websphere on Linux/390 that would allow execution of
rm -r /
as root, that would be cause for alarm!
Good Luck!
Dennis
|--------+----------------------------------------->
| | Franco Fiorese |
| | <[EMAIL PROTECTED]|
| | uzione.it> |
| | Sent by: Linux on 390 Port |
| | <[EMAIL PROTECTED]> |
| | |
| | |
| | 10/30/02 02:14 PM |
| | Please respond to Linux on 390 |
| | Port |
| | |
|--------+----------------------------------------->
>-------------------------------------------------------------------------------------------------------|
|
|
| To: [EMAIL PROTECTED]
|
| cc:
|
| Subject: Probably the first published shell code example for Linux/390
|
>-------------------------------------------------------------------------------------------------------|
Time to get aware of security concerns about Linux on 390.
The last issue of the phrack magazine (a famous hacker magazine)
has an article on how to write a shellcode on the Linux 390
platform with a complete working example.
Here is the URL of the article about the shellcode:
http://www.phrack.org/show.php?p=59&a=130
I have tested it and seems to works fine. With such pieces of
code also the 390 platform (with Linux on it) can be really open
to external attacker (if they get in).
Franco Fiorese
EDS Italy
