Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Charles Mills
Nobody asked me, but I think David buried the most important point in the middle. I have seen lots of TERRIBLE code written by "engineers from big tech." That's not the key point. The key point is > the code is in the open and can be scrutinized by millions of people There are thousands (if not

AMASPZAP DUMPT and program objects

2022-02-12 Thread Mario Bezzi
Hello, I struggle dumping a single CSECT within a program object of mine, using AMASPZAP. When I compile/bind the program, the binder says: *** M O D U L E M A P ***

Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Binyamin Dissen
The manual (MVS Programming: Assembler Services Reference, Volume 1 (ABE-HSP)) states 2-12 Used as work registers by the system. but I am looking at some old functional code which seems to expect (several?) registers values at ATTACH time be passed as is to the subtask. Can someone enlighten me

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Charles Mills
I would guess that if it works but is not documented then who knows. There is no guarantee that it does not stop working at some point in the future. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Binyamin Dissen Sent: Saturd

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Itschak Mugzach
If someone develops code that is vulnerable, only the organization he works for is (potentially) affected and the attacker does not have access to the code to play with. With open source, the code is accessible to everyone, and the problem hits millions of organizations. The problem is not the ven

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Charles Mills
I don't disagree. That is the flip side of the situation. I think what you wrote is true, and what I wrote is true. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Itschak Mugzach Sent: Saturday, February 12, 2022 11:39 AM T

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Michael Stein
On Sat, Feb 12, 2022 at 11:17:52AM -0800, Charles Mills wrote: > I would guess that if it works but is not documented then who knows. There > is no guarantee that it does not stop working at some point in the future. I'd guess so too, but might break a lot of things if it was changed. From MVS

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Mike Schwab
Standard IBM z/OS calling convention. R13 Save Area, R14 return address, R15 address being called, R0 ?, R1 address to parameter list, R2-14 will be restored from R13 save area before BR14 to return to caller. https://www.ibm.com/docs/en/zos/2.3.0?topic=guide-linkage-conventions On Sat, Feb 12,

Re: AMASPZAP DUMPT and program objects

2022-02-12 Thread Ramsey Hallman
Mario, where does the "MYMODULE" come from in your DUMPT command??? I don't see anything named that in your module map. According to your module map, your CSECT name is $PRIV10. If you DUMPT $PRIV10 $PRIV10 what happens? And in your AMBLIST what is your #1 CESD? Ramsey On Sat, Feb

Re: AMASPZAP DUMPT and program objects

2022-02-12 Thread Michael Stein
> The utility fails with RC 8 complaining that CSECT PRIV10 doesn't exist. It doesn't. Private code is "PC" not a csect. The assembler can produce it if you don't start with a CSECT statement. From an old MVT manual: GC26-3813-3_OS_VS_Linkage_Editor_and_Loader_May75.pdf Private code

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Ed Jaffe
On 2/12/2022 10:54 AM, Binyamin Dissen wrote: but I am looking at some old functional code which seems to expect (several?) registers values at ATTACH time be passed as is to the subtask. Perhaps it's expecting to be invoked via LINK(X) rather than ATTACH(X)? -- Phoenix Software International

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Binyamin Dissen
On Sat, 12 Feb 2022 12:53:41 -0800 Ed Jaffe wrote: :>On 2/12/2022 10:54 AM, Binyamin Dissen wrote: :>> but I am looking at some old functional code which seems to expect (several?) :>> registers values at ATTACH time be passed as is to the subtask. :>Perhaps it's expecting to be invoked via LIN

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Tony Harminc
On Sat, 12 Feb 2022 at 13:54, Binyamin Dissen wrote: > The manual (MVS Programming: Assembler Services Reference, Volume 1 > (ABE-HSP)) states > > 2-12 Used as work registers by the system. > > but I am looking at some old functional code which seems to expect > (several?) > registers values at A

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Peter Sylvester
On 12/02/2022 23:14, Tony Harminc wrote: On Sat, 12 Feb 2022 at 13:54, Binyamin Dissen wrote: The manual (MVS Programming: Assembler Services Reference, Volume 1 (ABE-HSP)) states 2-12 Used as work registers by the system. but I am looking at some old functional code which seems to expect (se

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread David Crayford
On 13/2/22 3:38 am, Itschak Mugzach wrote: If someone develops code that is vulnerable, only the organization he works for is (potentially) affected and the attacker does not have access to the code to play with. With open source, the code is accessible to everyone, and the problem hits millions

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread David Crayford
On 13/2/22 1:03 am, Charles Mills wrote: Nobody asked me, but I think David buried the most important point in the middle. I have seen lots of TERRIBLE code written by "engineers from big tech." That's not the key point. The key point is the code is in the open and can be scrutinized by milli

Re: AMASPZAP DUMPT and program objects

2022-02-12 Thread Seymour J Metz
Do you have code prior to your first CSECT? -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Mario Bezzi [subscriptions.mario.be...@gmail.com] Sent: Saturday, February 12

Re: Coding IF statement in BPXBATCH shell

2022-02-12 Thread Seymour J Metz
Some shops won't let you install free software, but for everybody else, that sounds like the reasonable thing to do. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Dav

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Seymour J Metz
An awful lot of exploits have been in proprietary software. An awful lot of successful cracks have been due to, e.g., insiders, sloppy procedure, social engineering, rather than software bugs. The Devil is in the details. What are the statistics on root causes? -- Shmuel (Seymour J.) Metz http

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Seymour J Metz
I believe that developing a fix before you disclose the vulnerability is the responsible thing to do. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of David Crayford [dc

Re: Registers at entry to subtask (from ATTACH)

2022-02-12 Thread Seymour J Metz
The issuer sees the same values in R2-R12 before and after the ATTACH. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Tony Harminc [t...@harminc.net] Sent: Saturday, Fe

Re: AMASPZAP DUMPT and program objects

2022-02-12 Thread Steve Smith
You wouldn't have a class C_CODE in an assembler program (barring some rather unnatural acts). And apparently the new compilers think using CSECT names is a barbarism or something. You'll have to make do with DUMPT MYMODULE * C_CODE $PRIVnn are not real names, they're generated by the binder

Re: Coding IF statement in BPXBATCH shell

2022-02-12 Thread Paul Gilmartin
On Sun, 13 Feb 2022 01:26:41 +, Seymour J Metz wrote: >Some shops won't let you install free software, but for everybody else, that >sounds like the reasonable thing to do/ > The supplier should offer a "Pro" version for $0.01; perhaps with more attractive page headers (date in Roman numeral

Re: Fwd: Log4j hearing: 'Open source is not the problem'

2022-02-12 Thread Itschak Mugzach
Very responsible. Meanwhile, the client is open for attacks. However, he can't protect himself since no one reported it affects his MF. On Sun, 13 Feb 2022 at 3:42, Seymour J Metz wrote: > I believe that developing a fix before you disclose the vulnerability is > the responsible thing to do