> an authorized program that breaks in any way due to a long parm was incorrectly written in the first place
Agreed. But that won't get your data back, or make the dumb "mainframe hacked" stories go away. I would say pretty much by definition all viruses exploit programs that were "incorrectly written in the first place." Virus checkers are still big business. Ah! You say, that's Windows, not z/OS. Exactly. That's why z/OS needs a bit to save authorized programs from surprises they had no reason to expect.

Agreed on your other point. I've always felt that application programmers move data; system programmers and software developers manipulate pointers.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Leonard Woren
Sent: Friday, May 13, 2005 4:04 PM
To: [email protected]
Subject: Re: PARM=

On Fri, May 13, 2005 at 02:53:00PM -0700, Charles Mills wrote:
> As Gil pointed out, the ONLY new exposure is for authorized programs.
> Formerly, an authorized program could be confident that its caller
> was either JCL or another trusted (authorized) program. It would thus
> be a reasonably valid assumption that the authorized program would
> either get >= 100 bytes of parms from JCL or something "proper" (however that
> might be defined) from an authorized caller.
[...]
> With PARM= >100 characters, for the first time, the authorized program
> expecting <= 100 bytes might be subject to malicious buffer overflow
> from an untrusted source. The solution is a linker set bit similar to
> AC=1 that says "this authorized program expects that it might get
> > 100 bytes if invoked from JCL."
>
> Charles

By definition, an authorized program is supposed to validity check
everything and not make any assumptions about untrusted input. It's a
very small leap from there to a conclusion that an authorized program
that breaks in any way due to a long parm was incorrectly written in
the first place.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
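The exposure discussed in the thread above (an authorized program that trusts the halfword length in front of its PARM= data because "JCL never passes more than 100 bytes") is shown below as an added example; it is not code from the thread or from IBM. It models the PARM convention as a plain byte buffer of a 2-byte big-endian length followed by the parm characters, dropping the R1 -> fullword -> halfword indirection of the real interface (an assumption made for portability). The function names (make_parm, legacy_copy, checked_copy, try_parm_of_length) and the sample parms are constructed for this example.

```c
/* Added example, not from the IBM-MAIN thread: the legacy "trust the
 * halfword length" PARM copy beside a version that treats it as untrusted.
 *
 * Simplification (assumption): a parm is modelled as a byte buffer holding a
 * 2-byte big-endian length followed by the parm characters; the real z/OS
 * interface reaches this through R1 -> fullword address -> halfword length. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEGACY_PARM_MAX 100   /* the historical JCL PARM= limit legacy code assumed */
#define PARM_LEN_MAX    65535 /* what the halfword length field can actually say */

/* Build a constructed parm block (halfword length + text, no NUL).
 * Returns total bytes written, or 0 if it does not fit. */
static size_t make_parm(unsigned char *out, size_t outsz, const char *text) {
    size_t n = strlen(text);
    if (n > PARM_LEN_MAX || n + 2 > outsz) return 0;
    out[0] = (unsigned char)(n >> 8);
    out[1] = (unsigned char)(n & 0xff);
    memcpy(out + 2, text, n);
    return n + 2;
}

static uint16_t parm_length(const unsigned char *parm) {
    return (uint16_t)((parm[0] << 8) | parm[1]);
}

/* Legacy pattern ("before"): copies whatever length the halfword claims into
 * a fixed 100-byte area. With PARM= longer than 100 characters this writes
 * past dst. Kept as the vulnerable form; only main() feeds it a long parm. */
static int legacy_copy(const unsigned char *parm, char dst[LEGACY_PARM_MAX]) {
    uint16_t len = parm_length(parm);
    memcpy(dst, parm + 2, len);          /* no bounds check */
    return len;
}

/* Hardened pattern: the length is untrusted input, so check it against the
 * buffer actually supplied. Returns bytes copied, or -1 if rejected. */
static int checked_copy(const unsigned char *parm, char *dst, size_t dstsz) {
    uint16_t len = parm_length(parm);
    if (len > dstsz) return -1;          /* refuse; do not overflow or silently truncate */
    memcpy(dst, parm + 2, len);
    return len;
}

/* Helper for experiments: run checked_copy on a constructed parm of n 'A's
 * into a legacy-sized buffer. Returns bytes accepted, -1 if rejected,
 * -2 if the request itself is out of range for this helper. */
static int try_parm_of_length(size_t n) {
    unsigned char parm[2 + 256];
    char text[256 + 1];
    char dst[LEGACY_PARM_MAX];
    if (n > 256) return -2;
    memset(text, 'A', n);
    text[n] = '\0';
    if (make_parm(parm, sizeof parm, text) == 0) return -2;
    return checked_copy(parm, dst, sizeof dst);
}

int main(void) {
    /* A 100-byte area with an 8-byte canary right behind it, so the
     * legacy overrun is visible without a debugger. */
    struct { char buf[LEGACY_PARM_MAX]; char canary[8]; } frame;
    unsigned char parm[2 + 256];
    char text[256 + 1];
    char dst[LEGACY_PARM_MAX];

    /* Constructed 150-character PARM=, i.e. longer than the old limit. */
    memset(text, 'A', 150);
    text[150] = '\0';
    make_parm(parm, sizeof parm, text);

    printf("checked_copy(150 bytes): %d\n", checked_copy(parm, dst, sizeof dst));

    /* Legacy path: 150 bytes into a 100-byte buffer clobbers the canary. */
    memcpy(frame.canary, "CANARY!", 8);
    legacy_copy(parm, frame.buf);
    printf("legacy_copy(150 bytes): canary now \"%.7s\"\n", frame.canary);
    return 0;
}
```

The hardened copy rejects the parm rather than truncating it, because an authorized program that silently drops part of its input can be driven into a state its author never tested just as easily as one that overruns a buffer; whichever policy is chosen, the decision is made against the real buffer size, not against an assumption about who the caller is.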

