On Sun, 27 Mar 2011 11:26:05 -0400 "Shmuel Metz (Seymour J.)" <[email protected]> wrote:
:>In <[email protected]>, on 03/27/2011 :> at 09:39 AM, Clark Morris <[email protected]> said: :>>My incomplete and possibly erroneous interpretations of past postings :>>here led me to believe that zIIP and zAP work had to run in SRB mode :>>and I also recall someone else claiming this was a security :>>exposure. :>The security issue is that an error in SRB-mode code is more likely to :>have serious consequences. However, malicious authorized code can do :>whatever the programmer wants, so it's not a security issue in the :>sense of vulnerability to exploits. The security issue is allowing application programmers to write SRB code (which implies the ability to update APF datasets). -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
