Re: Program FLIH backdoor - This is a criminal breach of security!

2012-03-08 Thread Pate, Gene
On Tue, 6 Mar 2012 15:40:25 -0600, Tom Marchant wrote:

>> By PCFLIH backdoor I mean a routine whose address
>> replaced the address of the IBM supplied PCFLIH.

> That would be a hook or an intercept.
> Backdoor means something else entirely.

You have your definition for 'backdoor', I have mine. Next.

>> The backdoor routine received control every time a
>> PC interrupt

> ITYM a program interruption.

Yes.

> That is certainly not what the vendor routine being
> discussed is alleged to have done.  It is alleged to
> return to the program that was interrupted in supervisor
> state.  It is further alleged that it is relatively easy for
> any program to exploit this and to get put into
> supervisor state.

I keep seeing that 'alleged' word.  Doesn't anyone actually know what they
did/do, and how did they do this magic without being APF authorized?  And if
they were APF authorized, then they could by definition switch anyone or any
task in the system to supervisor state, so what does it matter at that point
anyway; the battle is lost, get out your white flags and start waving.

Now if they did this magic and they were NOT APF authorized, then we have a lot
to talk about here.
  
I have not seen the vendor code and cannot comment on what it does or does not
do or how much security checking it does or does not perform before it does
what it does.

My defense was of the use of the technique of 'backdooring, hooking,
intercepting, or whatever word you choose to use in whatever language you
choose to use' when it is the appropriate technique.  I would really hate to
see IBM use this discussion as a justification for somehow making it impossible
for a sharp systems programmer or vendor to use this technique when there are
times that it is the only technique that will work.  I guess it was that
'criminal' word in the subject line that set me off.

As for what the vendor did, I am not offering any justification, and if what
you would like to organize with this discussion is a party where we all get
together and roast a few vendors, I will not only volunteer to bring some
firewood, I will also invite my CA and IBM marketing reps to come with me to
the party!

Gene Pate
CSX Technology
Enterprise Architecture


-
This email transmission and any accompanying attachments may
contain CSX privileged and confidential information intended only
for the use of the intended addressee.  Any dissemination,
distribution, copying or action taken in reliance on the contents
of this email by anyone other than the intended recipient is
strictly prohibited.  If you have received this email in error
please immediately delete it and  notify sender at the above CSX
email address.  Sender and CSX accept no liability for any damage
caused directly or indirectly by receipt of this email.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN


Re: IBM-MAIN Digest - 4 Mar 2012 to 5 Mar 2012 (#2012-65)

2012-03-06 Thread Pate, Gene
on 03/05/2012 at 20:54:38, Shmuel Metz (Seymour J.) 
shmuel+ibm-m...@patriot.net said:

> What do you mean by backdoor? I don't believe that it is what others
> were referring to.

By PCFLIH backdoor I mean a routine whose address replaced the address of the 
IBM supplied PCFLIH. The backdoor routine received control every time a PC 
interrupt occurred and, based on the reason for the PC interrupt it either 
emulated the failing instruction using available instructions and returned 
control to the next sequential instruction or passed control to the IBM 
supplied PCFLIH routine for it to process the PC interrupt. I believe that this 
is also what the vendor routine being discussed did. 

As I said, the PCFLIH backdoor is just a technique and if it is not the 
appropriate technique to use then the vendor should be beat about the head and 
shoulders and made to use whatever technique is appropriate for what their 
product needs to accomplish. 

Gene Pate
CSX Technology
Enterprise Architecture



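The hook Gene describes in the message above, as an added example that is not part of the thread and is not IBM's or any vendor's code: a portable C model of the program-interrupt FLIH slot being front-ended by a routine that either emulates an instruction the "hardware" lacks and resumes at the next sequential instruction, or passes the interrupt on to the saved IBM routine. Beside it is the variant the thread alleges of the vendor routine, which resumes with the problem-state bit cleared. The model machine (Cpu, Psw, OP_NEW, PIC_OPERATION, the handler slot pc_flih, the one-byte ILC) is an assumption made up for this example; it is not the z/Architecture PSW, interruption-code or low-core layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model PSW: next instruction address plus the problem-state bit (the bit
 * the alleged flaw gets wrong).  Layout is this model's, not z/Architecture's. */
typedef struct {
    uint32_t ia;        /* address of the next instruction to execute */
    bool     problem;   /* true = problem state, false = supervisor state */
} Psw;

typedef struct {
    Psw      psw;
    uint32_t gpr[2];
    uint8_t  mem[32];
    uint32_t ilc;       /* length of the interrupted instruction (model: always 1) */
    uint32_t int_code;  /* program interruption code */
    bool     abended;
} Cpu;

/* Model opcodes.  OP_NEW is "not implemented by this hardware", the way an
 * MVS/SE instruction is missing on a 168 without the assist. */
enum { OP_HALT = 0x00, OP_LOAD_IMM = 0x01, OP_NEW = 0x02 };
enum { PIC_OPERATION = 0x0001 };   /* model code for an operation exception */

typedef void (*Flih)(Cpu *);
static Flih pc_flih;               /* the slot a hook overwrites */
static Flih ibm_flih_saved;        /* the original address the hook keeps */

/* Modelled IBM PCFLIH: no emulation, the task abends. */
static void ibm_pc_flih(Cpu *cpu) { cpu->abended = true; }

/* Shared emulation of OP_NEW (model semantics: gpr0 += gpr1).
 * Returns true when the interrupt was an OP_NEW it could handle. */
static bool emulate_op_new(Cpu *cpu) {
    if (cpu->int_code != PIC_OPERATION || cpu->mem[cpu->psw.ia] != OP_NEW)
        return false;
    cpu->gpr[0] += cpu->gpr[1];
    cpu->psw.ia += cpu->ilc;       /* resume at the next sequential instruction */
    return true;
}

/* Hook/intercept: emulate, otherwise pass the interrupt to the saved IBM routine.
 * It never touches psw.problem, so the program resumes in the state it was in. */
static void safe_hook(Cpu *cpu) {
    if (!emulate_op_new(cpu))
        ibm_flih_saved(cpu);
}

/* Same emulation, but resumes with the problem-state bit cleared: any
 * problem-state program that executes OP_NEW comes back in supervisor state. */
static void leaky_hook(Cpu *cpu) {
    if (!emulate_op_new(cpu)) {
        ibm_flih_saved(cpu);
        return;
    }
    cpu->psw.problem = false;      /* BUG: privilege escalation for the caller */
}

/* Fetch/execute loop.  An unknown opcode raises a program interrupt through
 * the FLIH slot with psw.ia still addressing the failing instruction. */
static void run(Cpu *cpu) {
    while (!cpu->abended) {
        uint8_t op = cpu->mem[cpu->psw.ia];
        if (op == OP_HALT)
            return;
        if (op == OP_LOAD_IMM) {
            cpu->gpr[cpu->mem[cpu->psw.ia + 1] & 1] = cpu->mem[cpu->psw.ia + 2];
            cpu->psw.ia += 3;
            continue;
        }
        cpu->ilc = 1;
        cpu->int_code = PIC_OPERATION;
        pc_flih(cpu);
    }
}

static Cpu last;   /* state of the most recent run, for inspection */

/* Runs a problem-state program that executes OP_NEW with the given hook in the
 * slot (NULL = IBM routine only).  Returns true if the program is still in
 * problem state afterwards; that is the integrity check for any such hook. */
static bool run_with_hook(Flih hook) {
    static const uint8_t prog[] = { OP_LOAD_IMM, 0, 40, OP_LOAD_IMM, 1, 2, OP_NEW, OP_HALT };
    memset(&last, 0, sizeof last);
    memcpy(last.mem, prog, sizeof prog);
    last.psw.problem = true;
    ibm_flih_saved = ibm_pc_flih;
    pc_flih = hook ? hook : ibm_pc_flih;
    run(&last);
    return last.psw.problem;
}
static uint32_t last_gpr0(void)  { return last.gpr[0]; }
static bool     last_abended(void) { return last.abended; }

int main(void) {
    bool p = run_with_hook(NULL);
    printf("IBM PCFLIH only: problem=%d gpr0=%u abended=%d\n", p, last_gpr0(), last_abended());
    p = run_with_hook(safe_hook);
    printf("safe hook      : problem=%d gpr0=%u abended=%d\n", p, last_gpr0(), last_abended());
    p = run_with_hook(leaky_hook);
    printf("leaky hook     : problem=%d gpr0=%u abended=%d\n", p, last_gpr0(), last_abended());
    return 0;
}
```

The check worth keeping from this is the one run_with_hook returns: drive the hook from a problem-state program and confirm the program is still in problem state afterwards. Both hooks compute the same result (gpr0 = 42) and both chain to the saved IBM routine for interrupts they do not handle; the only difference is whether the interrupted PSW's state bit comes back unchanged, which is the difference between the intercept Tom describes and the behaviour the thread alleges.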


Re: Program FLIH backdoor - This is a criminal breach of security!

2012-03-05 Thread Pate, Gene
I am amazed at the uproar over this. Is there anything that a PCFLIH backdoor 
can accomplish that any AC=1 module in any APF authorized library cannot? 
Is there anyone else out there that is running any vendor code for which they 
have not done code reviews that is running AC=1 in any APF authorized library? 
Is there anyone else out there that is running any home grown code with an AC=1 
in an APF authorized library for which they have not done code reviews? Is 
there anyone else out there that has libraries in the APF list that can be 
updated by anything other than their change control system that only allows 
modules that have been through code reviews to be installed in their APF 
authorized libraries? 

How you allow code to get into supervisor state is of no consequence once it is 
in supervisor state so, unless you have a pristine system where every load 
module library on the system is totally locked down and only the OS libraries 
supplied by IBM appear in the APF list, you have by definition accepted 
exposures to system integrity. Does your management understand just how exposed 
you have left all the company secrets?

Using a PCFLIH backdoor is only one of many techniques that can be used to 
accomplish getting yourself into supervisor state and sometimes it is the right 
technique and sometimes it is not.

Back in the late 70's I wrote a PCFLIH backdoor because it was not only the 
correct technique, it was the only technique that would work. My company and its 
sister companies had many 168APs that did not have the MVS/SE hardware assist 
installed. At that time IBM wanted about $150K per system for the hardware 
upgrade and we already had plans to replace all of them over the next 3 years 
with 3033s, so there was no money to upgrade them. I wrote an SE hardware 
emulator that would run on UPs, APs, and MPs, and while you got a 15% 
performance increase with the hardware upgrade and MVS/SE, we still got around 
12% with my PCFLIH hardware emulator and we were able to move to MVS/SE 3 years 
sooner than we could have had we all had to wait until all the 168s were 
replaced.

If there was any criminal activity involved in this entire affair I believe it 
was on IBM's part for trying to charge us $150K per system for a microcode 
upgrade to a bunch of outdated systems and not on the part of any PCFLIH code that 
I wrote, so I outright reject your assertion that a PCFLIH backdoor is any more 
criminal than running any AC=1 module in any APF authorized library that you as 
the systems programmer have not personally code reviewed before you allowed it 
to run on any system that you are responsible for! 

Gene Pate
CSX Technology
Enterprise Architecture


