Hi Itschak,

Yes, like you I've written SVCs, although I never came across one of these "magic" ones. I've also written code to mess with the ACEE bits similar to that hack sample. But this was under control of APF, with auditor and management approval.

My question is how the user got that far, and I haven't yet figured that out from the blog page. For example, how did they get an address space going where they could even run the code to set the ACEE bits? And did they implement the SVC 242, or was it there already? I just don't have enough information to lay blame, or don't fully understand the blog.

On 1/30/2022 12:07 AM, Itschak Mugzach wrote:
Tom,

This is an old trick that allows a program to call SVC to switch to
supervisor mode and key zero. Once you are there, you can do almost
everything. For example, log in to another user without specifying a
password, use the bypass userid, and so on.

However, David only mentions a facility that is quite common, but hasn't
proved it was used in an illegal operation.

Best,
ITschak


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
