That only works if there is such an SVC. A competent auditor would red flag it immediately. Alas, not every auditor is competent :-(
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Itschak Mugzach [00000305158ad67d-dmarc-requ...@listserv.ua.edu] Sent: Sunday, January 30, 2022 3:07 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: More of LOG4J Tom, This is an old trick that allows a program to call SVC to switch to supervisor mode and key zero. Once you are there, you can do almost everything. for example, login to another user without specifying a password, use the bypass userid, and so on. However, David only mentions a facility that is quite common, but hasn't proved it was used in an illegal operation. Best, ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN