HP3000-L Archives

January 2005, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
Jeff Kell <[log in to unmask]>
Reply To:
Jeff Kell <[log in to unmask]>
Date:
Sat, 22 Jan 2005 01:02:34 -0500
donna garverick wrote:

> there's a profound difference between how processes/programs run on mpe
> and windows....which is exactly why windows is so prone to virii --
> it's the separation of code and data in the user stack (oh, i hope i
> said that right...).  the really funny thing is, the folks in redmond
> are starting to figure that out...

Profound indeed.  The 3000 (hardware and software) was designed from the
ground up with separation of code and data in mind, as well as
relatively intricate hardware protection mechanisms for storage
protection.  Most windows/unix exploits function at a base level of
overwriting code and/or manipulating the code or data registers
dynamically.  With MPE, you can't overwrite code, and you can't execute
data, and that's a vast majority of the solution right there.

The point was driven home quite well back in the early Posix days,
specifically when the old pioneering (at the time) NCSA httpd server was
ported to MPE.  One of the exploits that targeted NCSA httpd could
compromise the system on most unix and linux implementations, and HPUX
as well.  The MPE port aborted with a VSM protection error, but did not
result in any compromise (only a DoS).

Jeff

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
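
The behaviour described in the message above (code cannot be overwritten, data cannot be executed, and a violation aborts the process rather than compromising it) can be observed with the following added example, which is not part of the original post. It assumes a Linux-style POSIX system that maps program text read-only and enforces non-executable data pages; the probe and helper names are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*probe_fn)(void);
static unsigned char *data_page;   /* anonymous read/write page, mapped without PROT_EXEC */

/* Control case: an ordinary write to a data page is allowed. */
static void write_data(void) { data_page[0] = 0x42; }

/* "You can't overwrite code": store into a byte of this program's own text. */
static void write_code(void) {
    volatile unsigned char *p = (volatile unsigned char *)(uintptr_t)&write_data;
    *p = *p;
}

/* "You can't execute data": transfer control into the read/write page. */
static void exec_data(void) { ((probe_fn)(uintptr_t)data_page)(); }

/* Run one probe in a child process so the parent survives the fault.
   Returns 0 if the probe completed, 1 if the child was stopped by a
   protection fault (or any other abnormal exit), -1 if setup failed. */
static int blocked(probe_fn probe) {
    if (!data_page) {
        void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (m == MAP_FAILED) return -1;
        data_page = m;
    }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { probe(); _exit(0); }   /* exit status 0 only if nothing stopped us */
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void) {
    printf("write to data page blocked: %d\n", blocked(write_data));
    printf("write to code page blocked: %d\n", blocked(write_code));
    printf("execute data page blocked:  %d\n", blocked(exec_data));
    return 0;
}
```

In both blocked cases only the child process dies, which matches the outcome reported for the MPE port: an abort, not a compromise.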
