Cryptolocker (was RE: Is tape dead?

Jon Elson elson at
Wed Sep 16 20:36:39 CDT 2015

On 09/16/2015 01:29 PM, Paul Koning wrote:
> I never had any incentive to look for holes in CDC 
> operating systems, but I still remember a simple hole I 
> found in OS/360, about a month after I first wrote a 
> program for that OS. It allowed anyone to run supervisor 
> mode code with a couple dozen lines of assembler source 
> code. I found it on OS/PCP 19.6, but I noticed in graduate 
> school that it still worked on the university's 370 
> running OS/MVS 21.7. (The magic? Use the OS service to 
> give a symbolic name to a location in your code, with a 
> well chosen name, then give that name as the name of the 
> "start I/O appendage" in an EXCP style I/O request.) paul 
Yup, the classic breakin was you set up an exception handler 
with SPIE (specify program  interrupt exit, I think) and 
then do a divide by zero.  This gives the handler the PSW of 
the problem program. You turn the P bit of the PSW off and 
return.  The stock OS would actually ALLOW you to DO this, 
and just return to the user program now in supervisor 
state!  It was a VERY simple fix, you just don't allow any 
exception handler to change the state of the P bit.  But, 
MANY systems did not do that check.

So MANY other weaknesses could easily be caused by 
accident.  Like, the file that contained valid account 
numbers was often not protected.  Anybody could just print 
out that file.


More information about the cctalk mailing list