On 9 Jun 2010 06:38:50 -0700, in bit.listserv.ibm-main you wrote:

>On Wed, 9 Jun 2010 06:01:51 -0700, Edward Jaffe wrote:
>>
>>I wonder if anyone was able to exploit SMP/E to run arbitrary code in a
>>privileged state?
>>
>You're cruel.
>
>Integrity exposures, like pregnancy, are pretty much devoid of
>degree. If a program gets in KEY 0, it can modify system control
>blocks. If it gets in Supervisor state, it can LPSW to KEY 0.
>If it has AC=1, it can MODESET. If it can update APF libraries,
>it can ...
>
>And IBM considers the SMP/E problem fixed merely because they told
>customers, "Don't do that!" Even though they haven't told us
>what to not do.
>
>-- gil
>

It gets even better. If the goal is to invade a system for profit, knowing the vulnerabilities in Websphere may be sufficient. It isn't RACF directly that is preventing me from getting into someone else's account when I log in to my bank, which I believe is on z/OS.

The advantages of having your own machine to try out hacking are that you don't alert someone else as to what you are doing. Figuring out the vulnerability in SMP/E in and of itself may not be that useful if you confine yourself to SMP/E, because getting that far requires a valid logon to TSO. Figuring out where else similar vulnerabilities might exist from understanding that vulnerability could be profitable. If REXX or JAVA can be executed through a web entry (Websphere, another web server, etc.), then all sorts of interesting things might happen.

In short, the advantage of having your own system to explore vulnerabilities is that you don't get anyone's security people aroused when you probe.
Clark Morris