I was talking about the source of the SMSG that has arrived at my Linux
service virtual machine. Sources like OPERATOR, MAINT, VMUTIL, not the
anonymous userids (HACKER1, HACKER2, HACKER3) that are on the less properly
administrated systems. Inside the Linux service virtual machine, there are
also no HACKER1, HACKER2 or HACKER3 userids, not even development userids.
All of those insecure users have their own linux or windows systems to corrupt.
Is hcp/vmcp anymore sensitive in a class G (or less) linux service virtual
machine than 'shutdown -h now'? Does anyone really let untrusted users have
root access in production service virtual machines?
/Tom Kern
--------------------------------------------------------------------------
> Careful! For multiuser operating systems, you can identify the guest, but
> you cannot identify the user. So you have to take steps in the guest to
> ensure that only authorized users are allowed to send commands. Look at
> hcp/vmcp for example. That's a command that should be limited to specific
> trusted Linux users. If you don't then the integrity of the guest becomes
> suspect.
>
> Alan Altmark
> z/VM Development
> IBM Endicott
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
