________________________________
From: Andy Wood <[email protected]>
To: [email protected]
Sent: Tue, June 8, 2010 6:20:57 PM
Subject: Re: Personal use z/OS machines was Re: Multiprise 3k for personal Use?

On Tue, 8 Jun 2010 17:36:03 -0400, Pinnacle <[email protected]> wrote:
. . .
>Barry,
>
>It would be nice if someone actually documented a hole, instead of all the
>urban legends we hear. Outside the magic SVC, or a trusted person planting
>malware in an APF library, I don't know of any "holes". Please share.
>

Andy:

Unfortunately the person who found quite a few holes moved on and would not reveal what he found and how he found them. I just know that he managed to find a lot of them. Now what is a lot? He admitted finding 5 but again would not give anyone hints at what they were. I can attest (by looking at dumps and the logrec entries and even some stand-alone dumps) that he found some, as whenever he logged on the system we started seeing a lot more dumps with some really strange reason codes (and no reported issues from other IBM users). I can also say that he regularly was able to alter memory in any address space in the system. I could not prove it, but dumps and some other evidence told me he was doing things that MVS should have stopped, but he was able to get into any state/key whatever he wanted. Once he got his code working it was hard to prove he had done something he was not supposed to.

And just to reiterate that he did *NOT* have a special SVC or secret mod that allowed him to do so. We had pretty tight control over the OS and a few times we created a truly fresh system from IBM and it did not make a bit of difference. Bypassing RACF was his early-on attempt and it took him maybe about 3 days to get around RACF. We attempted to stop him but the politics of the time would let it happen. (This was almost at the board level - maybe one step below.) It was frustrating trying to fix issues as it was (most of the time) difficult to figure out if it was an IBM issue or him playing around. When IBM got a dump he would look at it and if it looked strange and did not make any sense he would mark it as "user" and would toss it away.

I know (because I was a party to some of the discussions between IBM and my upper management) that they were as frustrated as he was as the politics involved were really rough. BTW the IBM person was excellent and he was not the type to not label something that was not an IBM issue as a user issue. He was exceedingly honest and after looking at the dumps before he got a hold of them several of us who previewed the dumps before we handed them over to IBM, some of them were just weird and could not be explained except someone was mucking around where they were not supposed to be.

Ed

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

