On 6 Jun 2010 13:19:57 -0700, in bit.listserv.ibm-main you wrote: >On Sun, 6 Jun 2010 14:29:32 -0400, William Donzelli wrote: > >>> In one sense, we need to be careful about what we ask for. Do we want >>> z/OS to be easily available to those who want to find vulnerabilities >>> and crack the system? >> >This is admitting defeat; acknowledging that z/OS is so riddled >with defects, some irreparable, that the best we can hope for >is that no one finds out.
One of the sources of vulnerability of any operating system is have a computer that can be dedicated to breaking that systems. Some of the mods that have been applied from various public domain sources may have created vulnerabilities. We know that in the past various third party software has put holes into the system through magic SVCs and/or other less than good practices. The hole in SMP/E that is being covered might be fun to play with on a dedicated system with no oversight. Of course criminal enterprises looking to make decent money on finding holes for profit may already have a z machine purchased or leased with the software through legitimate or less than legitimate channels. Clark Morris > >This brings to mind a thread that went through here a couple >months ago. > >-- gil > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
