On Tue, 6 Mar 2012 15:40:25 -0600, Tom Marchant wrote:

>>By PCFLIH backdoor I mean a routine whose address 
>>replaced the address of the IBM supplied PCFLIH.

>That would be a hook or an intercept.
>"Backdoor" means something else entirely.

You have your definition for 'backdoor', I have mine. Next.

>>The backdoor routine received control every time a 
>>PC interrupt

>ITYM a program interruption.

Yes.

>That is certainly not what the vendor routine being 
>discussed is alleged to have done.  It is alleged to 
>return to the program that was interrupted in supervisor 
>state.  It is further alleged that it is relatively easy for 
>any program to exploit this and to get put into 
>supervisor state.

I keep seeing that 'alleged' word.  Doesn't anyone actually know what
they did/do, and how did they do this magic without being APF
authorized, and if they were APF authorized then they could by
definition switch anyone or any task in the system to supervisor state
so what does it matter at that point anyway; the battle is lost, get
out your white flags and start waving.

Now if they did this magic and they were NOT APF authorized, then we
have a lot to talk about here.

I have not seen the vendor code and cannot comment on what it does or
does not do or how much security checking it does or does not perform
before it does what it does.

My defense was of the use of the technique of 'backdooring, hooking,
intercepting, or whatever word you choose to use in whatever language
you choose to use' when it is the appropriate technique. I would really
hate to see IBM use this discussion as a justification for somehow
making it impossible for a sharp systems programmer or vendor to use
this technique when there are times that it is the only technique that
will work. I guess it was that 'criminal' word in the subject line that
set me off.

As for what the vendor did, I am not offering any justification and if
what you would like to organize with this discussion is a party where
we all get together and roast a few vendors I will not only volunteer
to bring some firewood I will also invite my CA and IBM marketing reps
to come with me to the party!

Gene Pate                    
CSX Technology
Enterprise Architecture

