- Some code that is executing in an authorized state
- Supervisor state
- PSW key 0-7
- Ability to issue MODESET SVC (APF authorized)
- This code would have one of the following flaws:
- Store into requester provided storage address while in an
authorized state (usually means running in a system psw key (0-7))
- Branch to a requester provided storage address
- Returning control to the requester in an authorized state
SVCs, PC routines, and system exits all would have this potential.
On 10/14/2010 10:43 AM, Lindy Mayfield wrote:
What would constitute a "root kit" for MVS? Perhaps an SVC with some hidden
functionality?
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of
David Cole
Sent: Thursday, October 14, 2010 5:08 PM
To: [email protected]
Subject: Re: Mainframe hacking?
I read that article, and it is a good one. Interestingly (to me at least), on
the article's third web page, there is an excerpt from a post I made here in
2006. It's nice to know that someone is paying attention.
My entire post can be found at:
http://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&X=147B1F23465267AA41&Y=dbcole%40colesoft.com
I think the information in that post are highly relevant to the current thread.
Dave Cole REPLY TO: [email protected]
ColeSoft Marketing WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road VOICE: 540-456-8536
Afton, VA 22920 FAX: 540-456-6658
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
