On 12/23/2017 8:18 AM, Jon Perryman wrote:
People are clever and will find ways to abuse things if they are motivated. Dynalloc can easily be exploited. It's not exploited because no one has been motivated to exploit it.
Security risks are big news in this century and there have been some *outstanding* mainframe security-related presentations at SHARE, GSE/UK, DefCon, DerbyCon, and elsewhere by "White Hats" like Phil Young ("Soldier of Fortran"), Chad Rikansrud ("Big Endian Smalls" -- Best Session Award winner at SHARE), Mark Wilson of RSM Partners (also a Best Session Award winner), Brian Marshall from Vanguard, and others. These guys hack mainframes for a living! You can read their blogs and interviews, download their presentations, and even watch them on video in some cases. Just Google their names if you want to know more...
AFAICT, none of these experts caution against the use of DYNALLOC. It's simply not seen as a risk to the platform.
-- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/
