On Mon, 5 Mar 2012 14:19:33 +0000, Pate, Gene wrote:

>I am amazed at the uproar over this. Is there anything that a PCFLIH backdoor
>can accomplish that any AC=1 module in any APF authorized library cannot?
>Is there anyone else out there that is running any vendor code for which they
>have not done code reviews that is running AC=1 in any APF authorized library?
>Is there anyone else out there that is running any home grown code with an
>AC=1 in an APF authorized library for which they have not done code reviews?
>Is there anyone else out there that has libraries in the APF list that can be
>updated by anything other than their change control system that only allows
>modules that have been through code reviews to be installed in their APF
>authorized libraries?
>
>How you allow code to get into supervisor state is of no consequence once it
>is in supervisor state so, unless you have a pristine system where every load
>module library on the system is totally locked down ...
>
Not "every". I believe IBM's SOI applies regardless of what may be put
in non-authorized load libraries.

>and only the OS libraries supplied by IBM appear in the APF list, you have by
>definition accepted exposures to system integrity. Does your management
>understand just how exposed you have left all the company secrets?
>
Or, by your earlier paragraph, suitable review is performed for non-IBM
code. And even then, IBM's SOI doesn't apply.

But why do you trust IBM? Their code is OCO and difficult to review.
I suppose it's possible if one signs the required NDAs and pays the
charges. Is there any independent commercial body that so reviews and
certifies IBM's code? And even indemnifies? For a price, of course.

-- gil