On 5/18/2013 2:17 PM, John McKown wrote:
http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two
basically the person must be able to ftp into a UNIX subdirectory and
to submit a job. They upload a program called "netcat" into a data set
starting with their RACF id. They then submit a job which copies the
data set into the /tmp subdirectory with a "random" name, chmod the
name to be executable, then executes does starts the netcat in the
"background" (asynchronous to the batch job) and piping to/from the
z/OS UNIX shell. The "hacker" simply connects to the port that netcat
is listening on, and presto, they have a shell on their desktop.
_But_ the key is that the 'hacker' must already have a
RACF id; the old conudrum: you have to trust somebody
or else no work gets done; having a RACF id implies
at least some level of trust. So: an inside job when
you come down to it. And insiders, especially 'trusted'
insiders can always hack any system they're trusted on,
with enough time and cleverness.
It's the hacker from outside that is the concern.
--
Kind regards,
-Steve Comstock
The Trainer's Friend, Inc.
303-355-2752
http://www.trainersfriend.com
* To get a good Return on your Investment, first make an investment!
+ Training your people is an excellent investment
* Try our tool for calculating your Return On Investment
for training dollars at
http://www.trainersfriend.com/ROI/roi.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
