Talk:COMPASS

The article states "... but to be executed, such programs were required to installed into the operating system via special system editing commands.", which is correct according to official CDC documentation. However, there existed a number of exploits that allowed a non-privileged user to load code into PPU memory.

There were some fun timing attacks that could be exploited on dual-CPU Cyber systems such as the 174. In addition, there were system calls on single CPU models where the PPU would initially validate the call parameters, but then the PPU would continue to use and trust data in the user's address space while performing the call. By careful timing, a user could cause a PPU to modify PPU memory or the memory of another process.

There were OS version specific lines to attacks such as nearly filling up the local file slots with attached files, performing a link and go operation which will fail because the user would exceed their local file limit. And while the link operation would fail, it would do so leaving a system library attached. Once left attached as a local file, the user could modify the system library and ...

And there were the system calls that trusted fields in the user's first 100 octal words to be correct ...

Under various versions of NOS alone, I recall at least 4 different types of exploits whereby a non-privileged user could modify PPU memory. Yes, in theory the PPU memory was outside the reach of user processes. In practice there were a number of hacks that allowed users to get around that limitation.  ;-) -- chongo 08:39 21 Sep 2006 UTC
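
The validate-then-reuse flaw described in the comment above (parameters checked once, then read again from memory the caller can still write), shown as an added example that is not part of the original comment and is not CDC code. It is a constructed C model: `mem`, `USER_LIMIT`, `flip_index` and both service functions are hypothetical names, and the concurrent caller is simulated by a callback.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_WORDS  16  /* privileged memory in this constructed model */
#define USER_LIMIT 8   /* callers may only set words [0, USER_LIMIT) */

struct request { uint32_t index; uint32_t value; };       /* lives in caller-writable memory */
typedef void (*interleave_fn)(volatile struct request *); /* simulated concurrent caller */

static uint32_t mem[MEM_WORDS];

void reset_mem(void) { memset(mem, 0, sizeof mem); }

/* Returns 1 if any word outside the caller's window was changed. */
int protected_modified(void) {
    for (int i = USER_LIMIT; i < MEM_WORDS; i++)
        if (mem[i] != 0) return 1;
    return 0;
}

/* Flawed shape: validate the shared field, then fetch it again to use it. */
int service_double_fetch(volatile struct request *shared, interleave_fn race) {
    if (shared->index >= USER_LIMIT) return -1;      /* check (first fetch) */
    if (race) race(shared);                          /* caller runs in the gap */
    mem[shared->index % MEM_WORDS] = shared->value;  /* use (second fetch); % keeps the model in-bounds */
    return 0;
}

/* Corrected shape: copy once into private storage, validate and use only the copy. */
int service_snapshot(volatile struct request *shared, interleave_fn race) {
    struct request local = { shared->index, shared->value };
    if (local.index >= USER_LIMIT) return -1;
    if (race) race(shared);                          /* later changes no longer matter */
    mem[local.index] = local.value;
    return 0;
}

/* Constructed interleaving: the field changes after the check has passed. */
static void flip_index(volatile struct request *shared) { shared->index = 12; }

int main(void) {
    struct request r = { 3, 0x41 };
    reset_mem(); service_double_fetch(&r, flip_index);
    printf("double fetch: protected modified = %d\n", protected_modified());
    r.index = 3;
    reset_mem(); service_snapshot(&r, flip_index);
    printf("snapshot:     protected modified = %d\n", protected_modified());
    return 0;
}
```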