In a way, I miss the days where there was kind of a "gentlemen's agreement" not to abuse vulnerabilities with antisocial behaviour. The Morris worm changed that for networked Unix machines. The Canter & Siegel spam changed that for Usenet. And the beautiful open architecture of everything has devolved into heavily armed conflict where antispam measures mean you can't send email from "interesting" sources, you can be blocked by Cloudflare if they deem your internet behaviour suspicious, where you can be banned for life from important platforms because an algorithm thinks you might cause trouble, etc.
As with so many other things "we can't have nice things" because there are always bad apples, and everything devolves into a standoff between them and everyone else, with lots of collateral damage.
OTOH there was the PDP10, the ITS and Emacs with the policy of keeping everything open and readable from anyone to anyone, the ultimate hacker's machine so everyone could contribute with cool things. The lack of "mystery" kept potential crackers away because when you are a teen there's no pride in entering an already open system.
On Usenet, adding googlegroups to a killfile blocks 90% of the pests out there. SLRN will happily purge all the SPAM before entering the thread list.
This is a tangent, but I wonder if tragedy of the commons refers more to the general state of consciousness at a time when people first get exposed to common property. My hypothesis is that in the beginning they have a diminished sense of shared ownership, value, and responsibility. For example, when we look at our changing attitude toward the environment, I think people have experienced a drastic increase in their sense of common responsibility.
This is not a vulnerability in 2BSD but rather a consequence of the CPU not having the capability to mark the relevant area of memory as non executable.
EDIT: Actually a fix may not be impossible as 2BSD makes use of the PDP11's ability to have a 64kB text bank and a distinct 64kB data bank. I suspect this may require a major redesign.
>This is not a vulnerability in 2BSD but rather a consequence of the CPU not having the capability to mark the relevant area of memory as non executable.
well, it was a consequence of vulnerabilities like this that CPUs added the capability to mark areas of memory as non-executable, more or less an extension of protected modes that separated different users.
The original von Neumann idea that you could execute wherever the program counter was pointing was absolutely a "feature" if not "obviously". The Harvard architecture separating code and data space was "twice the address space in the same number of bits" beyond its "well the buses are separate anyhow".
It is a trivial and intentional bug in the presented hackme.c. The strcpy() to a stack allocated buffer there serves no useful purpose (one can just call printf() with argv[1] directly), but is an obvious thing to exploit.
Also, W^X would not really help there, as what gets overwritten is the return address on the stack, which is simply data and does not get executed. You would need some kind of stack canaries or control-flow integrity to catch that, which is probably somewhat complicated by the fact that it is in main(). (And also, on the PDP-11 the overhead of such schemes will probably be significant.)
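An added illustration of the point above (my own code, not from the thread or from hackme.c): a byte-array model of a stack frame shows why W^X is irrelevant to an unbounded strcpy() into a stack buffer (the saved return address is plain data that gets overwritten) and how a canary placed between the buffer and the return address catches the overwrite before the function returns. The frame layout, field widths and canary value are assumptions for illustration; a real 16-bit PDP-11 frame would be narrower.

```c
/* Model frame: [buf 16 bytes][canary 4 bytes][saved return 8 bytes].
 * Offsets and widths are illustrative assumptions, not a real ABI. */
#include <stdint.h>
#include <string.h>

#define BUF_SIZE     16u
#define CANARY_OFF   BUF_SIZE          /* canary sits right above the buffer */
#define RET_OFF      (BUF_SIZE + 4u)   /* saved return address above the canary */
#define FRAME_SIZE   (RET_OFF + 8u)
#define CANARY_VALUE 0xC0DECAFEu       /* constructed value for the example */

typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

/* Set up a clean frame with an intact canary and a known return address. */
static void frame_init(frame_t *f, uint64_t ret) {
    uint32_t c = CANARY_VALUE;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + CANARY_OFF, &c, sizeof c);
    memcpy(f->bytes + RET_OFF, &ret, sizeof ret);
}

/* Unbounded copy, the way strcpy(buf, argv[1]) behaves: writes strlen+1
 * bytes from the start of buf, running over the canary and the return
 * address. Clamped to the model frame so the simulation itself is defined. */
static void copy_like_strcpy(frame_t *f, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f->bytes, src, n);
}

/* Hardened copy: rejects input that does not fit with its NUL, returns 0. */
static int copy_bounded(frame_t *f, const char *src) {
    size_t n = strlen(src);
    if (n >= BUF_SIZE) return 0;
    memcpy(f->bytes, src, n + 1);
    return 1;
}

/* The check a canary-enabled compiler emits just before 'return'. */
static int canary_intact(const frame_t *f) {
    uint32_t c;
    memcpy(&c, f->bytes + CANARY_OFF, sizeof c);
    return c == CANARY_VALUE;
}

/* Read back the saved return address (data, not code: W^X never sees it). */
static uint64_t saved_ret(const frame_t *f) {
    uint64_t r;
    memcpy(&r, f->bytes + RET_OFF, sizeof r);
    return r;
}
```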
Not actually exploiting 2.11 fwiw but rather showing how to make an exploit payload if there were an exploitable program in 2.11 (which undoubtedly there is, somewhere).