The "returning in an authorized state" ones are exactly that. The
others are typically the result of poor coding and/or design.
On 10/14/2010 11:43 AM, Lindy Mayfield wrote:
Some of this sounds like the "magic svcs" that I've seen people use for
"testing".
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Ray Overby
Sent: Thursday, October 14, 2010 6:54 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Mainframe hacking?
- Some code that is executing in an authorized state
- Supervisor state
- PSW key 0-7
- Ability to issue MODESET SVC (APF authorized)
- This code would have one of the following flaws:
- Store into requester provided storage address while in an
authorized state (usually means running in a system psw key (0-7))
- Branch to a requester provided storage address
- Returning control to the requester in an authorized state
SVCs, PC routines, and system exits all would have this potential.
On 10/14/2010 10:43 AM, Lindy Mayfield wrote:
What would constitute a "root kit" for MVS? Perhaps an SVC with some hidden
functionality?
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of David Cole
Sent: Thursday, October 14, 2010 5:08 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Mainframe hacking?
I read that article, and it is a good one. Interestingly (to me at least), on
the article's third web page, there is an excerpt from a post I made here in
2006. It's nice to know that someone is paying attention.
My entire post can be found at:
http://bama.ua.edu/cgi-bin/wa?A2=ind0608&L=IBM-MAIN&P=R63457&X=147B1F2
3465267AA41&Y=dbcole%40colesoft.com
I think the information in that post are highly relevant to the current thread.
Dave Cole REPLY TO: dbc...@colesoft.com
ColeSoft Marketing WEB PAGE: http://www.colesoft.com
736 Fox Hollow Road VOICE: 540-456-8536
Afton, VA 22920 FAX: 540-456-6658
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at
http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html