Earlier I wrote:

>Most operating systems today are smart enough to copy the password
>elsewhere before comparing it (this was fixed in MPE around 1980, as I
>recall).

Sorry -- this attack doesn't work on the HP3000, because of the stack
layout. What was fixed around 1980 was another handy security hole: MPE
has to read the file label into memory in order to check the lockword.
This used to be done on the user's stack, leaving an image of the file
label in user-accessible memory.

-- Bruce


--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
btoback AT optc.com                |     -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.