Richard Peurifoy wrote:

I was curious, so I did a GTF trace and see I/O to the PDS to count the number
of directories. SVC 0 is used and shows a DDNAME of PPPPPPPP, a DCB addr,
and a DEB addr. There is no OPEN, CLOSE, DYNALLOC, or DEBCHK SVC.
There may be branch entries internally for these services, or the routine may
just build all the control blocks itself.

I wrote a program a few years back, offlindr, that dumps/restores logically offline DASD (e.g. z/VM or Linux volumes). Looks like one place you can find it is http://www.clueful.co.uk/mbeattie/s390/offlindr.jcl

Yes, APF authorization is absolutely required.

A number of years ago we were the object of a political intrigue. Government agents on behalf of a congressman obtained legitimate userids to our system and spent some number of months trying, as a normal user, to get into supervisor state and/or key 0. They were unable to discover such a method in IBM code and (thankfully) our home-grown code, but did discover three methods through vendor software.

One method that I recall is using a particular vendor SVC. A key 8 storage area was passed to the SVC and the SVC used some of that area as an internal save area. The exploit simply issued a STIMER for a short duration, and then issued the SVC. If the STIMER exit got scheduled at the right time, it simply modified the return address in the save area. The method only worked about once in a thousand attempts, but considering that we could iterate this procedure tens of thousands of times a second it was virtually instantaneous. I did notify the vendor and the exposure was fixed.

Greg Smith
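
The save-area flaw described in the post above, reduced to a small C model; this is an added example, not part of the original message and not any vendor's code. All names are hypothetical, a function pointer stands in for the saved return address, and a callback stands in for the timer exit running while the service is in flight.

```c
#include <string.h>

/* Hypothetical model, not z/OS or vendor code. A function pointer stands in
   for the return address the service keeps in its save area. */
typedef int (*ret_fn)(void);
typedef void (*async_exit)(void *caller_area);

static int normal_return(void)  { return 0; }  /* legitimate return point */
static int foreign_return(void) { return 1; }  /* address chosen by the caller */

/* Models the timer exit: it runs in the caller's key while the service is
   in flight, so it can write anything in caller-owned storage. */
static void timer_exit(void *caller_area) {
    ret_fn r = foreign_return;
    memcpy(caller_area, &r, sizeof r);
}

/* Flawed pattern: the save area is inside the storage the caller passed. */
int service_flawed(void *caller_area, async_exit exit_rtn) {
    ret_fn ret = normal_return;
    memcpy(caller_area, &ret, sizeof ret);  /* save into caller's storage */
    if (exit_rtn) exit_rtn(caller_area);    /* window: exit may run here */
    memcpy(&ret, caller_area, sizeof ret);  /* reload, trusting the content */
    return ret();                           /* control goes wherever it says */
}

/* Corrected pattern: the save area is storage only the service can write;
   the caller's area is treated as data and never as control information. */
int service_hardened(void *caller_area, async_exit exit_rtn) {
    ret_fn saved = normal_return;           /* service-owned save area */
    if (exit_rtn) exit_rtn(caller_area);    /* exit can still scribble... */
    return saved();                         /* ...but not on the return path */
}

int main(void) {
    unsigned char area[64] = {0};           /* constructed caller storage */
    int ok = service_flawed(area, NULL) == 0
          && service_flawed(area, timer_exit) == 1
          && service_hardened(area, timer_exit) == 0;
    return ok ? 0 : 1;
}
```

The review point for any privileged service is the same: work areas that hold return addresses, saved registers or pointers belong in storage the unprivileged caller cannot modify.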
