Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Tim Rentsch <tr.17687@z991.linuxsc.com>
Newsgroups: comp.arch
Subject: Re: ALTER, ASSIGN and labels-as-values
Date: Wed, 29 May 2024 19:10:25 -0700
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <86v82wqcby.fsf@linuxsc.com>
References: <v1kifk$17qh0$1@dont-email.me> <2024May10.182047@mips.complang.tuwien.ac.at>
 <v1ns43$2260p$1@dont-email.me> <2024May11.173149@mips.complang.tuwien.ac.at>
 <v1preb$2jn47$1@dont-email.me> <2024May12.110053@mips.complang.tuwien.ac.at>
 <6124140226e28fd4afec0b435bdbeca1@www.novabbs.org> <2024May18.104040@mips.complang.tuwien.ac.at>
 <v2ang4$2smfg$1@dont-email.me> <34sk4jdhf1crb73jdns37e462ciumq5fjp@4ax.com>
 <v2ubim$3908a$1@dont-email.me> <2024May26.105139@mips.complang.tuwien.ac.at>
 <pct95j1dl80k9o8m6u7v3srschmh290vjb@4ax.com> <v33r2e$fitt$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Date: Thu, 30 May 2024 04:10:36 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="f99b4aa58782395eb767db5eed1c3e33"; logging-data="1597195"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Op4++iC0f5w2g8XAVrDamDHellKCMuZo="
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.4 (gnu/linux)
Cancel-Lock: sha1:ULQP8KieQ80KYcYFZPYWClk3uVI= sha1:TxxtaxmrNJeCM+JYob117qQBWr4=
Bytes: 2736

Terje Mathisen <terje.mathisen@tmsw.no> writes:

> John Savard wrote:
>
>> The fact that an ALTER GOTO statement can change where a GOTO
>> statement branches - without any indication within the GOTO statement
>> itself that it may have other destinations than the primary one -
>> means that this statement is an _obvious_ method of inserting
>> malicious code into the source code of a program.
>>
>> And indeed, given that COBOL is typically used for programs handling
>> financial transactions, I have no doubt that it _was_ so used.
>>
>> I find this to be an example of incredibly irresponsible language
>> design.
>
> How is this different from having jump/call tables in any other
> language, or just a standalone trampoline/indirect jump?
>
> Under the hood, more or less the exact same thing happens: If you can
> reach and modify the jump table, then you can insert your new
> functionality/malware before branching back to the original target.

The ALTER facility, or any more-or-less equivalent features in
other languages, is a high-level language version of self-modifying
code.  Self-modifying code is bad;  ALTER and friends aren't any
better, regardless of whether they are easy to implement.