On Feb 24, 2012, at 15:56, Tony Harminc wrote:
>
> It seems to me that, apart from the eagle eyed Keven Hall, the parties
> who must know that this code is installed at many sites are its
> provider, and, by virtue of the unequalled number of dumps it receives
> from its customers, IBM. That IBM has not to my knowledge issued any
> public warning about it suggests to me that that while it may be
> "evil" in a design sense, this code may well not do anything bad in a
> practical one. IBM would surely not stand by if a widely deployed
> product provided a convenient method of breaking IBM's own statement
> of system integrity, so I conclude that it most likely does not.
>
IBM's practice is described (though this is not a formal statement
of policy) in:
http://bama.ua.edu/cgi-bin/wa?A2=ind1004&L=ibm-main&P=84755
(free registration required).
We have no way of knowing when all customers have applied a
System Integrity fix to all systems, so that there are no
longer any exposed systems anywhere in the world. ...
As a courtesy to customers with exposed systems, we do not
discuss the nature of System Integrity APARs, ...
It would be discourteous, even unfair, for IBM to deny the
anonymous ISV it offers to its own customers. Likely IBM
has described its concerns only privately to that ISV.
-- gil
> Tony H.
