________________________________
From: Shmuel Metz (Seymour J.) <[email protected]>
To: [email protected]
Sent: Sun, April 4, 2010 10:27:46 AM
Subject: Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use

In <[email protected]>, on 04/03/2010 at 09:48 AM, Ed Gould <[email protected]> said:

>We had a *REALLY* good applications programmer that simply bypassed any
>and all protections we had,

Every time that I've seen anything similar it's been lax security code, not a bug in the system. I'm not saying that there weren't security exposures in the pre-DFP pre-SP days, but they were harder to exploit than, e.g., default passwords, "magic" SVC's.

As I said before: no magic SVC's. The RACF system was not lax, as we were always bombarded with "we should be able to do ....". We never did find how he managed to do it. He would not admit to doing it. As I mentioned before, the most I saw was logrec entries from his ID and a dump once in a while. As I said before, we could see stuff wrong but needed proof it was his doing; just because one bit was on (or off) wasn't proof (at least that was what we were told).

Ed

