Re: Mainframe hacking?

Ray Overby Thu, 14 Oct 2010 10:16:17 -0700

The "returning in an authorized state" ones are exactly that. Theothers are typically the result of poor coding and/or design.

On 10/14/2010 11:43 AM, Lindy Mayfield wrote:

Some of this sounds like the "magic svcs" that I've seen people use for 
"testing".


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Ray Overby
Sent: Thursday, October 14, 2010 6:54 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Mainframe hacking?

   -    Some code that is executing in an authorized state
          - Supervisor state
          - PSW key 0-7
          - Ability to issue MODESET SVC (APF authorized)

-    This code would have one of the following flaws:
          - Store into requester provided storage address while in an 
authorized state (usually means running in a system psw key (0-7))
          - Branch to a requester provided storage address
          - Returning control to the requester in an authorized state

SVCs, PC routines, and system exits all would have this potential.

On 10/14/2010 10:43 AM, Lindy Mayfield wrote:

What would constitute a "root kit" for MVS?  Perhaps an SVC with some hidden 
functionality?

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of David Cole
Sent: Thursday, October 14, 2010 5:08 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Mainframe hacking?

I read that article, and it is a good one. Interestingly (to me at least), on 
the article's third web page, there is an excerpt from a post I made here in 
2006. It's nice to know that someone is paying attention.

My entire post can be found at:
http://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&X=147B1F2
3465267AA41&Y=dbcole%40colesoft.com

I think the information in that post are highly relevant to the current thread.

Dave Cole              REPLY TO: dbc...@colesoft.com
ColeSoft Marketing     WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road    VOICE:    540-456-8536
Afton, VA 22920        FAX:      540-456-6658

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at 
http://bama.ua.edu/archives/ibm-main.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Mainframe hacking?

Reply via email to