I just tested an easy bypass. I've got an SETVMDBK EXEC that allows a privileged user to zap certain bits in the VMDBK of logged on users. This SETVMDBK has proven to work surely up to z/VM 5.4.
>From MAINT: - XAUTOLOG DIRMAINT - SET PRIVCLASS DIRAMINT +A (if it hasn't class A already) - SETVMDBK DIRMAINT DEVMAINT - DIRM CP DEFINE MDISK 123 0 END 540RES Et voila.... I'll send SETVMDBK is a separate email (a bit too long to imbed here) 2009/5/27 Yoon-suk Cho <isem...@gmail.com> > > I try to 'DEFINE MDISK as 123 0 END 540RES' by maint. but I got a > error msg like this. > > > define mdisk as 123 0 end 540res > HCPDEF003E Invalid option - MDISK > Ready(00003); T=0.01/0.01 16:13:41 > > It was successfully defined by lglopr user. > and , I tried shutting down dirmaint and logging off MAINT, the > restart dirmaint user. > But. Same problem exist. I think really dirmaint need 123 minidisk of maint. > > How about this way? > > - disable the dirmaint > - make user backup file > - edit the 'USER DIRECT C' under 2C2 disk to 'MDISK 0123 3390 000 END 540RES > MR' > - issue command 'DIRECTXA USER DIRECT C' > - fix the dirmaint config file for maint. > - conversion 'USER DIRECT C' file to use the dirmaint. > > > we need attach the 123 disk to maint. so we are using the DIRECTXA > command first. > and then conversion 'USER DIRECT C' file to use dirmaint. > > Do you known that way in detail? > > > > > On Wed, May 27, 2009 at 5:46 PM, Rob van der Heij <rvdh...@gmail.com> wrote: > > On Wed, May 27, 2009 at 10:35 AM, Jonathan R Nolting > > <jrnol...@us.ibm.com> wrote: > >> From MAINT issue: > >> > >> CP Q V 123 > >> Dirm cp q v 123 > >> > >> And provide results. > >> > >> Have you tried shutting down Dirmaint and logging off MAINT. Then restart > >> DIRMAINT? > > > > If MAINT still had the 123 and it is not in the online directory > > anymore, then logging off is not a wise approach. But you can get that > > back. > > Normally MAINT has the DEVMAINT option, so you should be able to issue > > the DEFINE MDISK to get the 0123 full pack linked. Then get the > > yesterday's user backup from DIRMAINT and use MAINT to bring that > > online. This will give you a MAINT 123 again that DIRMAINT can link. > > > > Rob > > -- Kris Buelens, IBM Belgium, VM customer support
