----- Original Message -----
From: "Tony Harminc" <t...@harminc.net>
Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, June 08, 2010 5:56 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal
Use?
On 8 June 2010 17:36, Pinnacle <pinnc...@rochester.rr.com> wrote:
It would be nice if someone actually documented a hole, instead of all
the
urban legends we hear. Outside the magic SVC, or a trusted person
planting
malware in an APF library, I don't know of any "holes". Please share.
Well no one is going to step up and document a current hole that they
may know about. Two holes I happen to know of that were fixed so long
ago that it can't possibly matter now, are the whole GAM
implementation, which happily accepted a user-supplied address and
branched to it in supervisor state, and the ability of any user to run
a line trace on a 37x5 without the possibility of control by the
installation. These were fixed in the 1970s and 1980s respectively.
Tony,
Thank you for at least posting two concrete examples of past holes. There
was a recent article in zJournal about hacking z/OS, but it was
disappointing, limited to what we've discussed here. The article quoted a
number of noted gurus (some on this thread), and they all basically said the
same thing. Authorized code can hack MVS, unauthorized code can't. Also,
like your examples above, none of the examples of hacking quoted in the
article were less than 20 years old.
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
