INFO-VAX    Sun, 17 Aug 2008    Volume 2008 : Issue 448

Contents:
    Re: Avoid printing of SYS$ANNOUNCE ?
    Re: Avoid printing of SYS$ANNOUNCE ?
    RE: Central Repository - File Distribution Question (AIX)
    Re: Copying name database in DECNet-Plus
    Re: Copying name database in DECNet-Plus
    Re: Copying name database in DECNet-Plus
    Re: Copying name database in DECNet-Plus
    Re: Copying name database in DECNet-Plus
    Re: DEFCON 16 and Hacking OpenVMS
    Re: DEFCON 16 and Hacking OpenVMS
    Re: DEFCON 16 and Hacking OpenVMS
    Re: OT: Central Repository - File Distribution Question (AIX)

----------------------------------------------------------------------

Date: Sat, 16 Aug 2008 16:01:40 -0700 (PDT)
From: AEF
Subject: Re: Avoid printing of SYS$ANNOUNCE ?
Message-ID: <194fdad1-798b-4984-808d-d3b069ac1c96@k30g2000hse.googlegroups.com>

On Aug 16, 10:26 am, moro...@world.std.spaamtrap.com (Michael Moroney)
wrote:
> AEF writes:
> >Buy another system and form a VMScluster with your existing system.
> >Connect the hard-wired terminals to one system and set it up so that
> >everyone else connects to the other. Set up different SYS$ANNOUNCE's
> >on each system.
>
> Not really possible. This isn't a real high priority, it's just that I
> want things to look better.
>
> I want to log terminal sessions. I have a captive account that does
> the equivalent to SET HOST/LOG 0 to log the terminal session. (I don't
> actually use SET HOST/LOG since I want the log file to be sharable but
> that's another story). Right now the users see SYS$ANNOUNCE twice, once
> for the captive account and once for the logged session. On logout you
> see a logout message twice, once for the logged session and once for
> the captive account. Not a big deal, it just looks funny.

Can you leave the captive account logged in?

More details might increase the odds of getting a useful answer. E.g.,
how do you make a shareable log of a new terminal session?

[...]
AEF

------------------------------

Date: Sun, 17 Aug 2008 00:02:15 +0000 (UTC)
From: moroney@world.std.spaamtrap.com (Michael Moroney)
Subject: Re: Avoid printing of SYS$ANNOUNCE ?
Message-ID:

AEF writes:

>Can you leave the captive account logged in?

I suppose I could do that.

>More details might increase the odds of getting a useful answer. E.g.,
>how do you make a shareable log of a new terminal session?

I'm using a modified version of SYS$EXAMPLES:ALPHA_LOGGER.C. Biggest
change is creating a detached interactive process instead of a subprocess.

------------------------------

Date: Sat, 16 Aug 2008 18:47:30 +0000
From: "Main, Kerry"
Subject: RE: Central Repository - File Distribution Question (AIX)
Message-ID:

> -----Original Message-----
> From: David J Dachtera [mailto:djesys.no@spam.comcast.net]
> Sent: August 14, 2008 11:04 PM
> To: Info-VAX@Mvb.Saic.Com
> Subject: OT: Central Repository - File Distribution Question (AIX)
>
> Apologies for the OT post. I know some of my fellow VMSers also deal
> with AIX.
>
> What are other AIX sites using to keep scripts, cron jobs, printer
> definitions, etc. in-sync across multiple LPARs? We have 10 LPARs right
> now, not counting a NIM server which has yet to be built.
>
> When I've asked in other fora, about the only response I got involved
> RSYNC. We don't want to deal with NFS on that scale, so I'm looking for
> something uses RSH, SSH, RCP, SCP or ??? instead (preferably some SSL
> implementation).
>
> The Central Repository could be on Windows or UN*X - doesn't matter to
> us.
>
> Anyone have any ideas?
>
> D.J.D.

How about a clustered file system?

Sorry, could not resist.

:-)

Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-254-8911
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

------------------------------

Date: Sat, 16 Aug 2008 11:09:50 -0700 (PDT)
From: "Bart.Zorn@gmail.com"
Subject: Re: Copying name database in DECNet-Plus
Message-ID: <430700b1-772d-4a97-bfc2-a65aadd30c9b@e39g2000hsf.googlegroups.com>

On Aug 16, 5:23 pm, samp...@gmail.com wrote:
> How does one go about copying the name database from another host in
> DECnet-Plus

Use RUN SYS$SYSTEM:DECNET_REGISTER and use the export and import
function.

HTH,

Bart Zorn

------------------------------

Date: Sat, 16 Aug 2008 18:14:18 GMT
From: VAXman- @SendSpamHere.ORG
Subject: Re: Copying name database in DECNet-Plus
Message-ID: <00A7E332.D5F6F0CA@SendSpamHere.ORG>

In article , sampsal@gmail.com writes:
>How does one go about copying the name database from another host in
>DECnet-Plus

$ MCR DECNET_REGISTER

--
VAXman- A Bored Certified VMS Kernel Mode Hacker   VAXman(at)TMESIS(dot)COM

... pejorative statements of opinion are entitled to constitutional protection
no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
of usenet _must_ include its contents in its entirety including this copyright
notice, disclaimer and quotations.

------------------------------

Date: Sat, 16 Aug 2008 13:11:43 -0700 (PDT)
From: sampsal@gmail.com
Subject: Re: Copying name database in DECNet-Plus
Message-ID:

On Aug 16, 7:09 pm, "Bart.Z...@gmail.com" wrote:
> On Aug 16, 5:23 pm, samp...@gmail.com wrote:
>
> > How does one go about copying the name database from another host in
> > DECnet-Plus
>
> Use RUN SYS$SYSTEM:DECNET_REGISTER and use the export and import
> function.

That seems to offer to import a text file - how do I get this data off
the other host a la COPY KNOWN NODES in PhaseIV?

Sampsa

------------------------------

Date: Sat, 16 Aug 2008 15:13:37 -0500
From: BRAD@rabbit.turquoisewitch.com (Brad Hamilton)
Subject: Re: Copying name database in DECNet-Plus
Message-ID:

In article , sampsal@gmail.com wrote:
>On Aug 16, 7:09 pm, "Bart.Z...@gmail.com" wrote:
>> Use RUN SYS$SYSTEM:DECNET_REGISTER and use the export and import
>> function.
>
>That seems to offer to import a text file - how do I get this data off
>the other host a la COPY KNOWN NODES in PhaseIV?
>
>Sampsa

You must export the data to a text file on the "source" node, and then import
the text file on the "target" node.

------------------------------

Date: Sat, 16 Aug 2008 13:26:15 -0700 (PDT)
From: sampsal@gmail.com
Subject: Re: Copying name database in DECNet-Plus
Message-ID: <2606f781-9cb8-434c-8a1e-87d817cc5170@a70g2000hsh.googlegroups.com>

On Aug 16, 9:13 pm, B...@rabbit.turquoisewitch.com (Brad Hamilton)
wrote:
> You must export the data to a text file on the "source" node, and then import
> the text file on the "target" node.

Ok, that's what I thought.

I downgraded to PhaseIV anyway since it seems to work better with the
other machines on the network (not under my control so no chance to
extract the database), and the COPY KNOWN NODES functionality is quite
convenient.

Sampsa

------------------------------

Date: Sat, 16 Aug 2008 15:31:52 -0700 (PDT)
From: bugs@signedness.org
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID: <814d0db2-f192-4f31-af2b-4e03ea63601f@f63g2000hsf.googlegroups.com>

On Aug 16, 7:56 pm, VAXman- @SendSpamHere.ORG wrote:
> You can be an ass.

Well, we are not the ones telling others to "fuck off", are we? So who
is the ass around here?
>

------------------------------

Date: Sat, 16 Aug 2008 17:54:37 -0700 (PDT)
From: bugs@signedness.org
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID: <9994beaf-67aa-4ba7-9b77-e8614bd52813@k30g2000hse.googlegroups.com>

On Aug 17, 1:22 am, Roger Ivie wrote:
> On 2008-08-16, John Santos wrote:
>
> > What I don't understand is do both the Finger bug and the 511-byte DCL
> > command bug induce the same vulnerability, or are they two different
> > things?
>
> From what it sounds like to me, no.
>
> The finger bug involves code somewhere doing something like
>
>     printf( Plan );
>
> where Plan is an arbitrary string read from the .plan file. If it
> contains things understood by printf (say, %d), printf will expect more
> parameters to be passed. Since there aren't any, printf tries to fetch
> the parameter using whatever random stuff happens to be on the stack,
> causing a crash.
>
> The command recall bug sounds like a garden-variety buffer overflow. A
> certain size buffer is allocated in an automatic variable (on the stack)
> and the bounds aren't checked when the command line is stored there.
> Storing something larger than the buffer space allocated allows you to
> munch other things on the stack, like the return address.
>
> The difference being that the finger bug isn't corrupting the stack,
> just pulling unexpected data from it. The command recall bug is
> corrupting the stack.
> --
> roger ivie
> ri...@ridgenet.net

You are wrong, writing to the stack is entirely possible (and oh yeah
we do have a working exploit for it too! :)) with a format string bug
vuln on most implementations including VMS.

We have already recommended a paper on format string vulnerabilities.
For more info read http://linux.die.net/man/3/printf

And here is an example for you:-

$ type fmt.c
main()
{
  int i=0;
  printf("%.100d %n\n",1,&i);
  printf("wrote %i to \"i\" using nothing but printf!\n",i);
}
$ run fmt
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000001
wrote 101 to "i" using nothing but printf!

If we can place the address of a saved return address, function
pointer, deconstructor etc on the stack, we then can "pop" enough
values of values using things like %x until we reach our target write
address. Obviously at this point it is game over controlling the PC
register..

The remote finger bug is an overflow too and therefore somewhat
similar to the cmdline bug but a different bug...

The other local finger bug is just plain stupid and not related to any
of the other bugs.

------------------------------

Date: Sat, 16 Aug 2008 18:33:13 -0700 (PDT)
From: FrankS
Subject: Re: DEFCON 16 and Hacking OpenVMS
Message-ID: <4228d494-8661-4078-a682-149f65c2af38@z66g2000hsc.googlegroups.com>

On Aug 16, 2:21 pm, VAXman- @SendSpamHere.ORG wrote:
> If you do this, first issue:
>
> $ SET TERMINAL/UNKNOWN

That explains why I didn't see the problem when using a privileged
account. It has nothing to do with privilege -- my privileged account
has a LOGIN.COM that issues a $SET TERM/INQ, whereas my unprivileged
account does not.

I tried it on the privileged account by logging in with /NOCOMMAND and
the stack dumps did happen.

I also logged in using /NOCOMMAND on the system which has all current
patches installed and reproduced it there as well.

------------------------------

Date: Sat, 16 Aug 2008 15:18:58 -0500
From: Michael Austin
Subject: Re: OT: Central Repository - File Distribution Question (AIX)
Message-ID:

David J Dachtera wrote:
> Apologies for the OT post. I know some of my fellow VMSers also deal
> with AIX.
>
> What are other AIX sites using to keep scripts, cron jobs, printer
> definitions, etc.
> in-sync across multiple LPARs? We have 10 LPARs right
> now, not counting a NIM server which has yet to be built.
>
> When I've asked in other fora, about the only response I got involved
> RSYNC. We don't want to deal with NFS on that scale, so I'm looking for
> something uses RSH, SSH, RCP, SCP or ??? instead (preferably some SSL
> implementation).
>
> The Central Repository could be on Windows or UN*X - doesn't matter to
> us.
>
> Anyone have any ideas?
>
> D.J.D.

create a user that exists on all hosts, set up rsa/dsa keys (in the
$HOME/.ssh directory) copy all of the public keys to a file called
$HOME/.ssh/authorized_keys (specified in the sshd config file)

then scp $file $host:$PATH

Secure and does not require passwords if you have set everything up
properly.

------------------------------

End of INFO-VAX 2008.448
************************
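
Added example, not part of the digest or of any poster's message: the printf( Plan ) pattern discussed in the "DEFCON 16 and Hacking OpenVMS" thread, shown as the hardened call that passes untrusted text only as a "%s" argument, plus a helper that flags conversion specifiers (including %n) in such input. The function names and the sample .plan text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of hostile .plan content (not taken from the thread). */
static const char SAMPLE_PLAN[] = "out to lunch %x %x %n";

/* Vulnerable pattern described in the thread:  printf(plan);
 * Hardened form: the untrusted text is only ever an argument to a constant
 * format, so any specifiers inside it are copied out as plain characters. */
int render_plan_safe(char *out, size_t outlen, const char *plan)
{
    return snprintf(out, outlen, "Plan: %s", plan);
}

/* Audit helper (hypothetical name): count conversion specifiers in an
 * untrusted string. "%%" is a literal percent and is not counted.
 * *has_n is set when %n, the specifier that writes to memory, appears. */
int count_conversions(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {            /* escaped percent sign */
            s++;
            continue;
        }
        /* skip flags, width, precision and length modifiers */
        s += strspn(s, "-+ #0123456789.*$hlLqjzt");
        if (*s == '\0')
            break;                  /* truncated specifier at end of input */
        if (*s == 'n')
            *has_n = 1;
        count++;
        s++;
    }
    return count;
}

int main(void)
{
    char buf[128];
    int has_n;
    int n = count_conversions(SAMPLE_PLAN, &has_n);

    render_plan_safe(buf, sizeof buf, SAMPLE_PLAN);
    printf("%s\n", buf);            /* specifiers shown verbatim */
    printf("conversions=%d contains_n=%d\n", n, has_n);
    return 0;
}
```

Compilers that support format checking (for example GCC's -Wformat-security) report the vulnerable form at build time, which complements a runtime check like the one above.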