Recently, I ran a zSecure Audit MVS Tables status scan and one of its
findings was the following:
Instruction scan hit, Updated using SVCUPDTE, Installation-defined
SVCno, Caller may be unauthorized
Pri SVC ES# APF Function Appl U Sf Last
update From Where
24 255 No 1 A1
0009D1B0 PVT
Index Address Where Key SP ScanIns Length AM Entry at
Same addr as Eye catchers
CN 04FE1DB8 EPLPA M 584 31 EJESSVC
.EJESSVC ..092720071430LICENSED MATERIAL,
PROPERTY OF PHOENIX SOFTWARE INTERNATIONAL -- COPYRIGHT (C) 1990-2007..kx4..
O 0192EBA4 ENUC RO 2389 31 IGCERROR in
IEANUC01 SVC 38 .. 0o..
I 00E240E8 PLPA 8 24 IGC0025E
..0414
Index Typ APF ESR Att Locks
Current 3/4 No No
Old 2 No No
Expect ??? ???
Instruction/Str/SVC scan results
ModeSupRB No
The output format is probably getting messed up a little by all the
reformatting done before this posting hits the discussion list but I
hope you'll still get the point.
My question now is, and maybe Ed Jaffe can take a look at that, what is
this SVC doing that it gets such bad press from zSecure? I neither have
the source code of this SVC nor am I among the chosen few who can judge
the security and integrity of SVCs and other authorized code. However,
we need to know if there is an issue here.
--
Ulrich
--
Ulrich Boche
SVA GmbH, Germany
IBM PremierBusiness Partner
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
