At 3/2/2012 10:25 AM, Edward Jaffe wrote:
On 3/2/2012 1:29 AM, David Cole wrote:
If the PFLIH hook is (as it has been described earlier in these threads) a mechanism by which a non-authorized process can become authorized, then its very existence is a "substantive offense" in and of itself. It is not just "a template", it doesn't just show the way. It *is* the way.

I keep coming back to IGX00011. Its presence on z/OS systems PROVES that the very existence of a "magic" SVC service, while arguably not a 21st-century best practice, is NOT considered an exposure or "substantive offense" when done correctly. (Those last three words are very important!)

A "magic" PFLIH technique is not substantially different, from an integrity standpoint, than a "magic" SVC except that the code gets control for EVERY interrupt and so has the potential to slow things down if not implemented efficiently.

The real question is whether an unintended third party can use the code to become authorized.

Yes. That absolutely is the "real question".
And absolutely, that is what Bill Fairchild's post asserts.
So that absolutely is why I am concerned.

Unlike the "magic" SVCs of the past, I'm confident that IGX00011 cannot be exploited by unintended third parties.

That is good to know.

The same might very well be true of the PFLIH approach being discussed here,
despite any third-party hearsay from Bill Fairchild's colleague claiming otherwise.

Certainly, the "hearsay" could be wrong. And I do hope that it is wrong.
But it is a better course to assume that the charge is right and raise awareness to the point where it will be investigated and PROVEN to be right or wrong...

... than it is to assume that the charge is wrong and just sit back and *hope* that nothing bad happens.

In other words, I think that being noisy about this issue will have a more constructive result than being silent will.

--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
[email protected]
http://www.phoenixsoftware.com/

Dave Cole              REPLY TO: [email protected]
ColeSoft Marketing     WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road    VOICE:    540-456-8536
Afton, VA 22920        FAX:      540-456-6658