On Wednesday, 09/06/2006 at 10:26 MST, Thomas Kern <[EMAIL PROTECTED]> wrote: > That's why I like using something internal to the zSeries for zSeries > communications and automation. The source of the data can be trusted to not be > spoofed so you can authenticate that against a table of authorized users and be > safe. With the VMCF protocal (SMSG is just a commandline SENDX, right?) and the > IUCV protocal, CP handles the sizing of the data before the Linux code would > ever see it, leaving application developers to look elsewhere to code their > buffer overrun vulernabilities. It is unsniffable by the network spies so there > is no need for fancy CPU intensive encryption with public/private key > management.
Careful! For multiuser operating systems, you can identify the guest, but you cannot identify the user. So you have to take steps in the guest to ensure that only authorized users are allowed to send commands. Look at hcp/vmcp for example. That's a command that should be limited to specific trusted Linux users. If you don't then the integrity of the guest becomes suspect. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
