Seymour, Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using these weaknesses...
BTW, I like your new Hebrew signature! ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz <sme...@gmu.edu> wrote: > I you control your console commands through SAF, you have fairly fine > granularity. > > BTW, a couple of decades ago I reported a similar issue .on a command that > is extremely common. If you're doing an audit, look at the common commands > in addition to the rare ones. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > ________________________________________ > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf > of ITschak Mugzach <imugz...@gmail.com> > Sent: Tuesday, December 19, 2023 3:12 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Z/OS Survey - Unusuall system commands > > There are some MVS commands that are hard to understand how and why they > were created. What bothers me is the fact that the input of the commands > that modify MVS behavior allows input from private dataset. These are the > first commands I am trying when I do a pentest... > For example: > *SETLOAD* allows on-the-fly change of parmlib concatenation using a dataset > that is not part of the parmlib concatenation itself. for example: SETLOAD > 03,PARMLIB,DSN=sys4.relson > TCPCIP *OBEY* command allows specification of TCPIP configuration from a > private library. > > How frequent do you use these commands (if ever) and how do you identify > the use (assuming that the commands are protected by your ESM). I wonder > why IBM allows such a scenario. > > ITschak > > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring > for z/OS, x/Linux & IBM I **| z/VM coming soon * > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN