On Fri, May 13, 2005 at 02:53:00PM -0700, Charles Mills wrote:
> As Gil pointed out, the ONLY new exposure is for authorized programs.
> Formerly, an authorized program could be confident that its caller was
> either JCL or another trusted (authorized) program. It would thus be a
> reasonably valid assumption that the authorized program would either get
> >= 100 bytes of parms from JCL or something "proper" (however that might
> be defined) from an authorized caller.
[...]
> With PARM= >100 characters, for the first time, the authorized program
> expecting <= 100 bytes might be subject to malicious buffer overflow
> from an untrusted source. The solution is a linker set bit similar to
> AC=1 that says "this authorized program expects that it might get > 100
> bytes if invoked from JCL."
>
> Charles
By definition, an authorized program is supposed to validity check everything and not make any assumptions about untrusted input. It's a very small leap from there to a conclusion that an authorized program that breaks in any way due to a long parm was incorrectly written in the first place.

I've never understood why the exec parm needs to be copied somewhere by the receiving program, except for printing, in which case you probably need to check the length anyway.

I don't feel like groveling through my source libs right now, but I'd be surprised if any of my programs, going back to the 1970s, would break with long parms.

/Leonard

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
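The point both posters circle around is the length check on the PARM area. As an added illustration that is not part of this thread, the C below simulates the MVS convention for passing PARM= to a program (R1 points to a fullword holding the address of a halfword length followed by the parm text) and contrasts the pattern Charles worries about, a copy into a fixed 100-byte buffer, with the behaviour Leonard describes: check the halfword length before copying, or do not copy at all and walk the parm in place. The 100-byte constant is the historical JCL limit under discussion; the helper names, the use of a static area in place of real storage, and the sample parm contents are all constructed for the example, and the unchecked case is reported rather than actually executed so the program stays well defined.

```c
/* Added example, not code from the IBM-MAIN thread. Host-side C
 * simulation of the MVS PARM= area: a big-endian halfword length
 * followed by the parm text. Names and sample data are constructed. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PARM_BUF 100            /* the old JCL PARM= limit the thread discusses */
#define PARM_AREA_MAX 4096      /* simulated storage for the halfword + text   */

static unsigned char g_area[2 + PARM_AREA_MAX];
static char g_copy[PARM_BUF + 1];

/* Fill the simulated parm area with text and return its address
 * (stands in for what R1 ultimately points at). Constructed fixture. */
static const unsigned char *set_parm(const char *text) {
    size_t n = strlen(text);
    if (n > PARM_AREA_MAX) n = PARM_AREA_MAX;
    g_area[0] = (unsigned char)(n >> 8);
    g_area[1] = (unsigned char)(n & 0xFF);
    memcpy(g_area + 2, text, n);
    return g_area;
}

/* Same, but n copies of one character, for long-parm tests. */
static const unsigned char *set_repeated_parm(char c, size_t n) {
    if (n > PARM_AREA_MAX) n = PARM_AREA_MAX;
    g_area[0] = (unsigned char)(n >> 8);
    g_area[1] = (unsigned char)(n & 0xFF);
    memset(g_area + 2, c, n);
    return g_area;
}

/* Read the halfword length prefix. */
static size_t parm_len(const unsigned char *area) {
    return ((size_t)area[0] << 8) | area[1];
}

/* The pattern at issue: memcpy(buf100, area + 2, parm_len(area)) with
 * no check, trusting that JCL can never deliver more than 100 bytes.
 * Returns how many bytes would land past the end of a 100-byte buffer
 * (0 means the copy would have fit); the overrun itself is not performed. */
static size_t unchecked_copy_overrun(const unsigned char *area) {
    size_t n = parm_len(area);
    return n > PARM_BUF ? n - PARM_BUF : 0;
}

/* Checked copy into a PARM_BUF-byte buffer plus terminator. Refuses with -1
 * rather than truncating silently, so the caller can reject the parm. */
static int checked_copy(const unsigned char *area, char *buf, size_t bufsz) {
    size_t n = parm_len(area);
    if (n + 1 > bufsz) return -1;   /* validate the untrusted length first */
    memcpy(buf, area + 2, n);
    buf[n] = '\0';
    return (int)n;
}

/* Convenience wrapper using the static 100-byte copy buffer. */
static int checked_copy_std(const unsigned char *area) {
    return checked_copy(area, g_copy, sizeof g_copy);
}

/* Leonard's alternative: never copy. Walk the parm in place, bounded by
 * the declared length, here counting comma-separated options. */
static int count_options(const unsigned char *area) {
    size_t n = parm_len(area);
    if (n == 0) return 0;
    int count = 1;
    for (size_t i = 0; i < n; i++)
        if (area[2 + i] == ',') count++;
    return count;
}

int main(void) {
    const unsigned char *p = set_repeated_parm('A', 150);   /* longer than 100 */
    printf("150-byte parm: unchecked overrun = %zu bytes\n", unchecked_copy_overrun(p));
    printf("150-byte parm: checked_copy returns %d\n", checked_copy_std(p));
    printf("150-byte parm: options counted in place = %d\n", count_options(p));
    p = set_parm("LIST,NODUMP,TRACE=ALL");
    printf("short parm: checked_copy returns %d, options = %d\n",
           checked_copy_std(p), count_options(p));
    return 0;
}
```

The in-place variant is the one worth copying: the only thing it ever trusts from the parm area is the halfword length, and it never moves the text into storage sized by an assumption about who invoked the program.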

