Container escape on zCX - DEFCON 29

I can recommend this video about two hackers escaping a running container deployed on the IBM zCX feature. It is interesting to see the approach from both sides (z/OS and Linux).

YouTube: DEF CON 29 - Ian Coldwater, Chad Rikansrud - Real Life Story of the 1st Mainframe Container Breakout

Yes, they escaped the Linux container. They did not, however, escape from the virtual machine (running an s390x, Ubuntu-based Linux image) into the running zCX address space.

I am curious what will come in the future.

Walmart z/OS Services

TL;DR: That was kind of an unexpected outcome of today’s session… Walmart published the source code of their internal z/OS-CICS services (zUID, zECS & zFAM) on GitHub!

I visited a pre-conference of the ceCMG group today, which was given the title “IBM Z Modernization”. It turned out that two guys from Walmart came in and talked about their success story in turning their mainframes into a modern system. We are talking about Rich Jackson and Randy Frerking. In fact, both published several Redbooks together with IBM, namely “Creating IBM z/OS Cloud Services”, “How Walmart Became a Cloud Services Provider with IBM CICS” and “IBM CICS and the Coupling Facility: Beyond the Basics”. We are not talking about some application services, but about system services. These two guys are pushing the limits of the current technology mostly to the edge, and we are talking here about IBM System Z limits.

Those guys started off their idea of a service with an alternative key-value cache based on CICS, VSAM and z/OS facilities. This was the beginning of a long journey, and they are currently running a self-service for various z/OS system configuration and management tasks. And their starting point was the best you can have: make life easier for you and the others.

Besides third-party services, like MQ configuration for development purposes or RACF things, they started with something else. Basically, they implemented three “products”, which they offer to their internal customers (developers) as RESTful services:

  • They started the story with zECS, which is mostly a cache storage implementation to store session (or other short-lived) information outside the running application server. This information needs to be accessible quickly and be highly available. Based on the services from the platform, they achieved high throughput rates.
  • Moving forward to fulfill developer needs, they implemented their own key-value store called zFAM. They can store binary information up to 1GB and do not rely on DB2, but use VSAM instead.
  • zUID is the latest, but smaller, project, offering a sort of standardized 32-bit UIDs, which are unique.

At the point where I was asking myself why they do not publish this as a product, they revealed that it is available to the public via Walmart’s GitHub account, for free under the terms of an Apache 2 license. Currently, there are installation REXX scripts provided for some of the code. Randy talked about moving to a proper git folder structure in the long term, because git is becoming more and more available on z/OS as well… It looks very interesting and is worth a look. It gives you an idea of what is possible when exploiting the z/OS services and OS features using assembler.

Matthias@Hacker Hotel - Follow up

The given talk went quite well, I think. You can find the recording under this link. Unfortunately, I can’t share the slides directly.

Besides the link list for more information at the bottom of the post, I need to correct or emphasize a few things from the talk here:

  • The S/360 architecture is not just built to be compatible, as mentioned in the talk: the architecture has been binary compatible since 1964!
  • For IBM it was a 5 billion dollar bet, not a 1 billion dollar bet as mentioned.

Further sources and articles which may interest you if you want more information about mainframes:

In addition I want to show you a very good article about 7 mainframe taboos we should break.

Problems building AttitudeAdjustment OpenWrt

I recently encountered a problem building the old version of OpenWrt called “AttitudeAdjustment” on my Arch Linux machine. As Arch Linux is using the most recent sources, an upstream patch landed that changes the default behaviour of the tool called “grep”.
The same problem seems to occur on the “oldpackages” repository of BreakingBarrier as well, so the small fix below should work there, too.

Now it prints a message on binary files instead of parsing them somehow, which results in the following problem:

$ ./scripts/feeds update  packages
Updating feed 'packages' from '' ...
Already up-to-date.
Create index file './feeds/packages.index' 
grep: feeds/packages/Binary: No such file or directory
grep: file: No such file or directory
grep: matches/Makefile: No such file or directory
make: *** No rule to make target 'feeds/packages/Binary', needed by '/home/matze/tmp/LibraryBox-2.1-beta-build-env/openwrt/feeds/packages.tmp/info/.packageinfo-Binary'.  Stop.

That breaks the OpenWrt build chain. I found the solution on the GNU mailing list: in the console you are running, change the LC_ALL setting and export it. That makes the grep tool work like before the change:

export LC_ALL=C

After that, you can work like normal:

$ ./scripts/feeds update packages
Updating feed 'packages' from '' ...
Already up-to-date.
Create index file './feeds/packages.index' 
Collecting package info: done

Remember to rerun the export when you continue working after closing the terminal window…
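
The failure mode above as an added example, constructed for illustration and not taken from the OpenWrt scripts or from the original post: a Makefile containing a non-UTF-8 byte, grep run on it under LC_ALL=C, and the tokens a whitespace-splitting consumer gets when grep emits its notice instead of file content. The function names, the sample Makefile and the notice string (older grep wording, "Binary file … matches") are assumptions.

```shell
#!/bin/sh
# Added example: constructed reproduction, not OpenWrt's own scripts.

# Write a sample Makefile containing one Latin-1 byte (octal 344),
# which is not valid UTF-8, and print its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'PKG_NAME:=demo\nTITLE:=K\344se package\n' > "$dir/Makefile"
    printf '%s\n' "$dir/Makefile"
}

# Run grep for the TITLE line under the given locale ($1) on file ($2).
grep_title() {
    LC_ALL=$1 grep 'TITLE' "$2"
}

# Succeeds if a line of grep stdout is the binary-file notice, not content.
is_binary_notice() {
    case $1 in
        "Binary file "*" matches") return 0 ;;
        *) return 1 ;;
    esac
}

# Whitespace-split a line the way an unquoted shell/make expansion would.
naive_tokens() {
    # shellcheck disable=SC2086  # word splitting is the point here
    set -- $1
    printf '%s\n' "$@"
}

# Constructed notice; the path is a sample value.
NOTICE='Binary file feeds/packages/demo/Makefile matches'

main() {
    f=$(make_sample)
    out=$(grep_title C "$f")
    if is_binary_notice "$out"; then echo "LC_ALL=C: notice"; else echo "LC_ALL=C: content"; fi
    echo "tokens a naive consumer would treat as paths:"
    naive_tokens "$NOTICE"
    rm -rf "$(dirname "$f")"
}
main
```

Checking for the notice before using grep's output as a list of paths makes a build script fail early, instead of handing "Binary", "file" and "matches" to make as targets.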

Matthias@Hacker Hotel

This April I’m heading to the Netherlands to participate in a hacking event called Hacker Hotel, which will take place in Garderen on the weekend of Fri 10 - Sun 12 April 2015.

I’ll do a small PirateBox workshop for beginners.

In a short discussion on IRC a lot of interest in the topic ‘mainframe’ came up. So, what I will talk about is “Hacker meets Mainframe”. The plan is to give a brief overview of the history and architecture of the mainframe and why it is still a topic which should interest a normal Linux hacker.

I’m looking forward to giving the two sessions and, of course, to seeing you!