Journal mapfortu's Journal: 130917 (cycle)

130917. DTSS tuning.

I have yet been working with Foo' Moe-D to re-enable system broadcast messages from the stronghold. There yet continues to be too much noise on the receiving end for broadcast messages to be a security conscious practice. Subscribers continue to receive system notices upon establishing their connection.

This is a fully functional BASIC core meant to manipulate several arrays of data, provide for some user prompting and input, return a few results, and provide the proper structure and variables (read your variables, do not assign them) to allow for the expansion of the data sets. The purpose for designing a BASIC core to allow for expanded data sets was the intended purpose of the BASIC core as a privilege escalation mechanism. The privilege level of stdout on many systems is considered to be concrete standard and shells are designed to report the interactive nature of any garbage which it generates; distinguishing between real hot keyboard input and generated garbage. Many receiving processes are sensitive to the privilege bitstream surrounding incoming garbage and it is good security practice to especially sanitize incoming buffers which could be filled with generated garbage. Yet the privilege bitstream surrounding stdout remains. In a related fashion I often like to point to the "ip.c" and associated header files in ContikiOS as a real example of the amount of available privilege bits surrounding what are considered to be concrete standard formats. ContikiOS is not doing anything wrong; similar ip.c formats exist in all operating systems. Often, on tech boards, people wonder at posts claiming the ability to change this, that, or the other deep setting on ethernet cards, usually in forums discussing network spoofing and snooping. The settings are usually not so easily malleable, except to the hordes of programmers that spent a few months poring over the network stack as part of a programming course in undergraduate school; a few macros away to full configurability. The same is true for stdout.

The BASIC PRINT statement, due to the level of the BASIC interpreter and processes, provides a very desirable target in the realm of inherent privilege escalation. Analogous to compiling your kernel of your favorite OS with a hook to a few macros such that many of your deep settings on your network and video card identifiers are tuneable and not so hard coded. On a system, a DTSS system or really any surrounding OS environment, the running kernel should be able to query the BASIC process and track the location of the DATA pointer. A C program running in the overhead environment, or a small docking script running in a shell, could then pipe data from the overhead OS to the data pointer in the BASIC interpreter. The data could be piped from stdout, from wget or ftp or cvs or another network process; an entire filesystem could be mounted to the pipe to the DATA pointer. The BASIC program performs manipulations on the data, and there are plenty of data arrangements and spaces built into loopd to allow for sector/track or blocksize type tracking, and then the BASIC program sends the data back out. The BASIC PRINT statement could be used to generate stdout with a surrounding bitstream that hides its non-interactive nature.

DTSS tuning, believed by some to be a sorely taxed DTSS system, exists to time the BASIC core manipulating data with the docking program or script funnelling the data into the DATA region. More tuning points would likely be necessary in practice.
