In a message dated 7/8/2005 3:00:38 P.M. Central Daylight Time, [EMAIL PROTECTED] writes:
It would take no more than 10 minutes to write and test a short program that would authorize any piece of code you wanted, in most shops, without having access to anything else but a regular TSO session.

In the early 1980s I attended a SHARE session whose presenter said it is a VERY bad idea to have a user SVC installed which an unauthorized program can invoke with a special code in register X and the SVC returns control to the caller in an authorized state.

In 1996 I discovered that CA had taken heed to this sound wisdom, and, instead of putting their easily hacked bypass of system security in the form of a user SVC, had instead invented it as a special program interrupt, ironically the X'CA' instruction operation code. They bundled a program interrupt front end in with some of their products, and their products made use of this hook in order to become authorized without going through APF. By putting it into the program interrupt front end routine, it became a little harder to find and hack, but nevertheless it took me about 1/2 hour to build a key 8 program that invoked X'CA' and got control back in supervisor state, key 0. I brought this to CA's attention in 1996, and they worked on their program interrupt front end to make it harder to hack. What they did NOT do, however, was use APF. I don't know if they still insert this hole in the system's integrity.

Bill Fairchild

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

