Talk:COMPASS

The article states "... but to be executed, such programs were required to installed into the operating system via special system editing commands.", which is correct according to official CDC documentation. However, there exists a number of exploits that allowed a non-privileged user to load code into PPU memory.


 * can you please, explain this hacking approach more carefully. What exploits do you mean?

There were some fun timing attacks that could be exploited on dual-CPU Cyber systems such as the 174. In addition, there were system calls on single CPU models where the PPU would initially validate the call parameters, but then the PPU would continue to use and trust data in the user's address space while performing the call. By careful timing, a user could cause a PPU to modify PPU memory or the memory of another process.


 * As far as I remember, the PPUs threaded time-sliced by a hardware clock, and registers were snapped by this clock. The whole system didn't know anything about interrupts. All where done by hardware based register contents exchange. How could a user break in using careful timing? Would you please so kind to explain?

There were OS version specific lines to attacks such as nearly filling up the local file slots with attached files, performing a link and go operation which will fail because the user would exceeds their local file limit. And while the link operation would fail, it would do so leaving a system library attached. Once left attached as a local file, the user could modify the system library and ...


 * Hmm, at an early stage CDC introduced access, execution, control, and write access rights. These bits were fairly hold in the FET. I do not know of which OS you are talking about, and I will not discuss later OS than NOS because I left CDC then. But in the early years, I cannot remember of any break into the NOS**/SCOPE** systems. Perhaps, you know more about...?

And there were the system calls that trusted fields in the user's first 100 octal words to be correct ...
 * Hmm again... Do you mean the RPV, the XJ, the?? You could have written a lot of shit into the XJ-area. If 1PP didn't accept, you were out. So, what are you talking about here?

Under various versions of NOS alone, I recall at least 4 different types of exploits whereby a non-privileged user could modify PPU memory. Yes, in theory the PPU memory was outside the reach of user processes. In practice there were a number of hacks that allowed users to get around that limitation. ;-) -- chongo 08:39 21 Sep 2006 UTC


 * aha, could you please recall in detail for dummies like me to follow you? -wf, 85.178.31.145 (talk) 23:21, 17 February 2010 (UTC)