Если хотите узнать почему мэйнфрэйм unbreackable откройте пожалуйста новый топик и я Вам постараюсь объяснить.
Я весь внимание.
Mainframe Unbreakable
-
Michael Popov
- Уже с Приветом
- Posts: 991
- Joined: 09 Sep 2001 09:01
- Location: The Earth
Mainframe Unbreakable
zVlad писал в соседнем топике
Я весь внимание.
Я весь внимание.
Best regards,
Michael Popov
Michael Popov
-
zVlad
- Уже с Приветом
- Posts: 15409
- Joined: 30 Apr 2003 16:43
OK. Just for short introduction. Mainframe (IBM) has hardware (pay attention to this) options to protect system from application programs, and application programs from each other. Those options are:
- problem status and supervisor status. This is a most important mechanism in protection. Shortly saying, all CPU instructions are divided into two major groups:
- General instructions, and
- Privileged instructions. They may be executed only when the CPU is in the supervisor state. An attempt to execute a privileged instruction in the problem state generates a privileged-operation exception. All program but system run in problem status. There is no way to change problem status to supervisor status. Without having Supervisor Status it is impossible to impact on anything but programs' resources. Of course, CPU command which allows to switch into Supervisor is a privileged command.
- memory protection. Each process has "PSW key-mask" (0-15). This key is stored in Program Status Word (PSW) of each program. Each page of memory has its own keys (0-15). Each machine (CPU) command has control for "protection key". That means when CPU command wants to touch any memory for any reason (read, write, branch to...), first it will be tested on matching of key in memory to PSW key-mask.
This type of protection was invented for very first generations of IBM mainframes. Now it is used in combination with more modern mechnism, which is Dynamic address translation (DAT). Direct purpose of DAT is to support virtual memory. But in combination with OS it makes OS itself and program's address space totally protected. Tottaly means there is no way to access neither OS memory nor others programs' memory.
- I/O protection. To initiate I/O operation program must issue CPU instruction SIO (start I/O). This command could be issued in Supervisor Status. That means all requests for I/O come through and controlled by OS (Supervisor I/O). There is no term like "device driver" in mainframe world. Actually, program calls Access Method Program to perform I/O operation. And by the way, it is possible to use one program for different devices without having to tell to program about it. Exchanges between problem programs and OS are made using buffers.
Last viruses LoveSan come via TCP when data was made bigger than it supposed to be. I understand it like program on one side tell to another program: " I want to send 100 bytes to you", and send 200 bytes. As a result 100 extras are wrriten to uncontrolled memory and can be activated as a code. Right?
In contrast, mainframe I/O system was built differently. When system needs to get some data from outside (from network, dasd, tapes, whatever) CCW - channel command word is created. Among others those CCWs have lenght of data to be read, and if external environment tries to give more than was negotiated I/O error wil be rised and I/O operation will be canceled without even accepting data by CPU.
Above is very simplified introduction to what mainframe has in terms of protection. Many more hardware and software mechanisms exist, and as a result viruses are impossible for mainframe. Even if you have connection to OS and can write programs, you still not able to impact on any OS or other problem programs. You can only impact on those resources which were allocated for you by OS. Process of allocation is controlled by RACF (Resource Access Control Facility). Shortly saying, each attempt to get resources (any resource. For example, remote access to DB2) will be controlled by RACF and you'll be able to use them if you are authorized.
I know, each modern OS on each platform has its own protection and control. But, way, it was made on mainframe make mainframes unbreakable from external and actually internal users, programs, whatever. Simpliest evidence for this is nobody ever heard about viruses on mainframes.
- problem status and supervisor status. This is a most important mechanism in protection. Shortly saying, all CPU instructions are divided into two major groups:
- General instructions, and
- Privileged instructions. They may be executed only when the CPU is in the supervisor state. An attempt to execute a privileged instruction in the problem state generates a privileged-operation exception. All program but system run in problem status. There is no way to change problem status to supervisor status. Without having Supervisor Status it is impossible to impact on anything but programs' resources. Of course, CPU command which allows to switch into Supervisor is a privileged command.
- memory protection. Each process has "PSW key-mask" (0-15). This key is stored in Program Status Word (PSW) of each program. Each page of memory has its own keys (0-15). Each machine (CPU) command has control for "protection key". That means when CPU command wants to touch any memory for any reason (read, write, branch to...), first it will be tested on matching of key in memory to PSW key-mask.
This type of protection was invented for very first generations of IBM mainframes. Now it is used in combination with more modern mechnism, which is Dynamic address translation (DAT). Direct purpose of DAT is to support virtual memory. But in combination with OS it makes OS itself and program's address space totally protected. Tottaly means there is no way to access neither OS memory nor others programs' memory.
- I/O protection. To initiate I/O operation program must issue CPU instruction SIO (start I/O). This command could be issued in Supervisor Status. That means all requests for I/O come through and controlled by OS (Supervisor I/O). There is no term like "device driver" in mainframe world. Actually, program calls Access Method Program to perform I/O operation. And by the way, it is possible to use one program for different devices without having to tell to program about it. Exchanges between problem programs and OS are made using buffers.
Last viruses LoveSan come via TCP when data was made bigger than it supposed to be. I understand it like program on one side tell to another program: " I want to send 100 bytes to you", and send 200 bytes. As a result 100 extras are wrriten to uncontrolled memory and can be activated as a code. Right?
In contrast, mainframe I/O system was built differently. When system needs to get some data from outside (from network, dasd, tapes, whatever) CCW - channel command word is created. Among others those CCWs have lenght of data to be read, and if external environment tries to give more than was negotiated I/O error wil be rised and I/O operation will be canceled without even accepting data by CPU.
Above is very simplified introduction to what mainframe has in terms of protection. Many more hardware and software mechanisms exist, and as a result viruses are impossible for mainframe. Even if you have connection to OS and can write programs, you still not able to impact on any OS or other problem programs. You can only impact on those resources which were allocated for you by OS. Process of allocation is controlled by RACF (Resource Access Control Facility). Shortly saying, each attempt to get resources (any resource. For example, remote access to DB2) will be controlled by RACF and you'll be able to use them if you are authorized.
I know, each modern OS on each platform has its own protection and control. But, way, it was made on mainframe make mainframes unbreakable from external and actually internal users, programs, whatever. Simpliest evidence for this is nobody ever heard about viruses on mainframes.
-
Oleg_B
- Уже с Приветом
- Posts: 5406
- Joined: 16 Apr 1999 09:01
- Location: MA
-
lxf
- Уже с Приветом
- Posts: 13482
- Joined: 04 Jul 2001 09:01
- Location: Boston, MA
-
SVK
- Уже с Приветом
- Posts: 8255
- Joined: 23 Jul 2003 03:53
- Location: SPb - KW - NY - CT - MD
Oleg_B wrote:Ну да, гораздо лучше, чем 8088 под ДР-ДОС...
А от нынешней-то РС под ХР чем отличается?
Встречаются два системных администратора, и один спрашивает другого:
- Ты чего такой грустный?
- Да вот сервер вчера "упал".
- Ну да ты что, его до сих пор не "поднял"?
- Да он со стола упал...
LG - Life's good.
But good life is much better.
But good life is much better.
-
Michael Popov
- Уже с Приветом
- Posts: 991
- Joined: 09 Sep 2001 09:01
- Location: The Earth
1) "CPU instructions are divided into two major groups"
которые называются ring 0 and ring 3
?
или Вы имееете в виду разницу между kernel mode and user mode ? Так это тоже является общим для всех систем (не ДОС
)
2) "memory protection"
Ну со времен Win 3.1 эта проблема решена
3) "There is no term like "device driver" in mainframe world. Actually, program
calls Access Method Program to perform I/O operation"
В чем принципиальная разница между device driver и Access Method Program ?
4) "Last viruses LoveSan come via TCP when data was made bigger than it supposed to be. I understand it like program on one side tell to another program: " I want to send 100 bytes to you", and send 200 bytes. As a result 100 extras are wrriten to uncontrolled memory and can be activated as a code. Right?"
Не знаю про этот вирус, но если на mainframe есть stack, а в старом добром C есть функция scanf, то memory overflow никто не отменяет. И TCP здесь не при чем.
5) "Shortly saying, each attempt to get resources (any resource. For example, remote access to DB2) will be controlled by RACF and you'll be able to use them if you are authorized. "
И любой third-party vendor должен давать какой-то extension for RACF если он хочет поставить свою аппликацию ? И кстати, RACF работает на всех десятках вируальных Linux machine которые централизованно бегут на одном mainframe ?
6) "Simpliest evidence for this is nobody ever heard about viruses on mainframes."
Это просто у хацкеров проблема откомпилировать сорсы под mainframe
Последняя маркетинговая компания со словом unbreakable помните, чем закончилась ?
которые называются ring 0 and ring 3
?
или Вы имееете в виду разницу между kernel mode and user mode ? Так это тоже является общим для всех систем (не ДОС
)
2) "memory protection"
Ну со времен Win 3.1 эта проблема решена
3) "There is no term like "device driver" in mainframe world. Actually, program
calls Access Method Program to perform I/O operation"
В чем принципиальная разница между device driver и Access Method Program ?
4) "Last viruses LoveSan come via TCP when data was made bigger than it supposed to be. I understand it like program on one side tell to another program: " I want to send 100 bytes to you", and send 200 bytes. As a result 100 extras are wrriten to uncontrolled memory and can be activated as a code. Right?"
Не знаю про этот вирус, но если на mainframe есть stack, а в старом добром C есть функция scanf, то memory overflow никто не отменяет. И TCP здесь не при чем.
5) "Shortly saying, each attempt to get resources (any resource. For example, remote access to DB2) will be controlled by RACF and you'll be able to use them if you are authorized. "
И любой third-party vendor должен давать какой-то extension for RACF если он хочет поставить свою аппликацию ? И кстати, RACF работает на всех десятках вируальных Linux machine которые централизованно бегут на одном mainframe ?
6) "Simpliest evidence for this is nobody ever heard about viruses on mainframes."
Это просто у хацкеров проблема откомпилировать сорсы под mainframe
Последняя маркетинговая компания со словом unbreakable помните, чем закончилась ?
Last edited by Michael Popov on 28 Aug 2003 21:28, edited 1 time in total.
Best regards,
Michael Popov
Michael Popov
-
chilanzar
- Уже с Приветом
- Posts: 1079
- Joined: 17 Jun 2003 04:41
Michael Popov wrote:2) "memory protection"
Ну со времен Win 3.1 эта проблема решена
да? это вы моему писюку расскажите, который мне все время крэши устраивает с memory exception. особенно когда делаешь copy and paste. Windows NT.
3) "There is no term like "device driver" in mainframe world. Actually, program
calls Access Method Program to perform I/O operation"
В чем принципиальная разница между device driver и Access Method Program ?
в теории не знаю, в практике - надежность
И любой third-party vendor должен давать какой-то extension for RACF если он хочет поставить свою аппликацию ? И кстати, RACF работает на всех десятках вируальных Linux machine которые централизованно бегут на одном mainframe ?
насколько я знаю, RACF ограничивает доступ юзера (реального человека с логин Айди и пассвордом или программы) к ресурсу.
6) "Simpliest evidence for this is nobody ever heard about viruses on mainframes."
Это просто у хацкеров проблема откомпилировать сорсы под mainframe
ну какая разница почему? главное что не могут
-
Michael Popov
- Уже с Приветом
- Posts: 991
- Joined: 09 Sep 2001 09:01
- Location: The Earth
chilanzar wrote:Michael Popov wrote:2) "memory protection"
Ну со времен Win 3.1 эта проблема решена
да? это вы моему писюку расскажите, который мне все время крэши устраивает с memory exception. особенно когда делаешь copy and paste. Windows NT.
Tак это как раз memory protection и работает, потому что аппликация пытается лезть не в свою память.
Best regards,
Michael Popov
Michael Popov
-
chilanzar
- Уже с Приветом
- Posts: 1079
- Joined: 17 Jun 2003 04:41
-
zVlad
- Уже с Приветом
- Posts: 15409
- Joined: 30 Apr 2003 16:43
OK, Michael, questions for you:
1. Let's say I am a regular user in NT on my desktop. Can I write a program for my worstation and crush, or change system crucial data?
Nu vot priplyli (E-mail from our PC group):
"Computer Virus Alert
Lately there has been an increase in Internet-based viruses, primarily those sent via e-mail with file attachments or links to external Web sites. Some notable viruses are "SoBig" and "W32/Dumaru."
To help reduce the risk of these viruses infecting OPG systems, please exercise caution when reading e-mail with file attachments or links to Internet Web sites.
Do NOT launch unknown file attachments or click links to unknown Web sites."
1. Let's say I am a regular user in NT on my desktop. Can I write a program for my worstation and crush, or change system crucial data?
Nu vot priplyli (E-mail from our PC group):
"Computer Virus Alert
Lately there has been an increase in Internet-based viruses, primarily those sent via e-mail with file attachments or links to external Web sites. Some notable viruses are "SoBig" and "W32/Dumaru."
To help reduce the risk of these viruses infecting OPG systems, please exercise caution when reading e-mail with file attachments or links to Internet Web sites.
Do NOT launch unknown file attachments or click links to unknown Web sites."
-
Michael Popov
- Уже с Приветом
- Posts: 991
- Joined: 09 Sep 2001 09:01
- Location: The Earth
zVlad wrote:OK, Michael, questions for you:
1. Let's say I am a regular user in NT on my desktop. Can I write a program for my worstation and crush, or change system crucial data?
Если у Вас привилегии администратора в системе, то Вы можете сделать с ней все что угодно. Если Вы на Win 2000 как обычный юзверь, то при правильно сконфигурированной системе, ничего плохого Вы сделать не можете (в теории
). Все это справедливо и для других систем вроде Unix.
У меня к Вам встречный вопрос. Как будут работать все эти protection механизмы на Linux бегущем на mainframe ? Если там зашит "троян-демон", бегущий под root account, который периодически посылает файл паролей по какому-то адресу WasjaPupkin.com, то как будут работать защитные механизмы принадлежащие именно mainframe ?
Best regards,
Michael Popov
Michael Popov
-
zVlad
- Уже с Приветом
- Posts: 15409
- Joined: 30 Apr 2003 16:43
Michael wrote: "И кстати, RACF работает на всех десятках вируальных Linux machine которые централизованно бегут на одном mainframe ?"
No, RACF is working on VM (or MVS) level and controls attemps to access resources from within virtual machines (address spaces in case of MVS). Inside virtual machine (or address space), Linux will control as it is defined in Linux. It is still possible for Linux (and any other third-party software) to use RACF functionality to control access within its VM (AS) to their resources.
For example, DB2 can control access to DB2 resources or we can specify in RACF who is autorized to use which DB2 resources. Each time when somebody tries to access protected DB2 resource, DB2 comes to see RACF and asks him: "if this guy authorized to access it?"
You also wrote: "Не знаю про этот вирус, но если на mainframe есть stack, а в старом добром C есть функция scanf, то memory overflow никто не отменяет."
I'm not a guru in C. C is available on mainframe for many years. I don't understand what "memory overflow" means. My understanding is that if C program will write something into stack, then underlying services will request memory from OS, piece by piece, and when this program reaches limit for memory allocation then OS will cancel such C program (or whatever program) with system code (there are few of them). That's it.
No, RACF is working on VM (or MVS) level and controls attemps to access resources from within virtual machines (address spaces in case of MVS). Inside virtual machine (or address space), Linux will control as it is defined in Linux. It is still possible for Linux (and any other third-party software) to use RACF functionality to control access within its VM (AS) to their resources.
For example, DB2 can control access to DB2 resources or we can specify in RACF who is autorized to use which DB2 resources. Each time when somebody tries to access protected DB2 resource, DB2 comes to see RACF and asks him: "if this guy authorized to access it?"
You also wrote: "Не знаю про этот вирус, но если на mainframe есть stack, а в старом добром C есть функция scanf, то memory overflow никто не отменяет."
I'm not a guru in C. C is available on mainframe for many years. I don't understand what "memory overflow" means. My understanding is that if C program will write something into stack, then underlying services will request memory from OS, piece by piece, and when this program reaches limit for memory allocation then OS will cancel such C program (or whatever program) with system code (there are few of them). That's it.
-
Amirko
- Уже с Приветом
- Posts: 5199
- Joined: 08 Jul 2002 09:36
- Location: В глухой провинции, у моря...
zVlad wrote:I know, each modern OS on each platform has its own protection and control. But, way, it was made on mainframe make mainframes unbreakable from external and actually internal users, programs, whatever. Simpliest evidence for this is nobody ever heard about viruses on mainframes.
Unbreakable, говорите? Да я лично разобрал 2 мейнфрейма.
Last edited by Amirko on 29 Aug 2003 01:23, edited 1 time in total.
Cheers,
Amirko
Amirko
-
A. Fig Lee
- Уже с Приветом
- Posts: 12072
- Joined: 17 Nov 2002 03:41
- Location: английская колония
-
VYLE
- Уже с Приветом
- Posts: 1772
- Joined: 06 Sep 2001 09:01
- Location: Boston, MA -> Charlotte,NC ->Danbury,CT