On 3/2/2012 11:53 AM, David Cole wrote:
The real question is whether an unintended third party can use
the code to become authorized.
Yes. That absolutely is the "real question".
And absolutely, that is what Bill Fairchild's post asserts.
So that absolutely is why I am concerned.
While I share the concern, I have seen no mention of a related
problem - malicious tampering unrelated to gaining
authorization. For example, SVC 98 (Protect) in OS/360 had
documented functions to read a PASSWORD data set record, add
one, and delete one. IBM chose not to document an additional
function that requested the TTR of a located record; that
function failed to validity-check the user provided return
address, allowing anybody to clobber the system at will.
Gerhard Postpischil
Bradford, VT
