At 3/2/2012 10:25 AM, Edward Jaffe wrote:
On 3/2/2012 1:29 AM, David Cole wrote:
If the PFLIH hook is (as it has been described earlier in these
threads) a mechanism by which a non-authorized process can become
authorized, then its very existence is a "substantive offense" in
and of itself. It is not just "a template", it doesn't just show
the way. It *is* the way.

I keep coming back to IGX00011. Its presence on z/OS systems PROVES
that the very existence of a "magic" SVC service, while arguably not
a 21st-century best practice, is NOT considered an exposure or
"substantive offense" when done correctly. (Those last three words
are very important!)

A "magic" PFLIH technique is not substantially different, from an
integrity standpoint, than a "magic" SVC except that the code gets
control for EVERY interrupt and so has the potential to slow things
down if not implemented efficiently.

The real question is whether an unintended third party can use the
code to become authorized.

Yes. That absolutely is the "real question".
And absolutely, that is what Bill Fairchild's post asserts.
So that absolutely is why I am concerned.

Unlike the "magic" SVCs of the past, I'm confident that IGX00011
cannot be exploited by unintended third parties.

That is good to know.

The same might very well be true of the PFLIH approach being discussed here,
despite any third-party hearsay from Bill Fairchild's colleague
claiming otherwise.

Certainly, the "hearsay" could be wrong. And I do hope that it is wrong.
But it is a better course to assume that the charge is right and
raise awareness to the point where it will be investigated and PROVEN
to be right or wrong...

... than it is to assume that the charge is wrong and just sit back
and *hope* that nothing bad happens.

In other words, I think that being noisy about this issue will have a
more constructive result than being silent will.

--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
edja...@phoenixsoftware.com
http://www.phoenixsoftware.com/

Dave Cole              REPLY TO: dbc...@colesoft.com
ColeSoft Marketing     WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road    VOICE:    540-456-8536
Afton, VA 22920        FAX:      540-456-6658
