- The sad news is that integrity exposures exist today in every
z/OS system. There is no need to install anything other than what you
already have installed.
- These integrity exposures have already gotten past the "system's guys".
- Current systems programmers (in general) do not have the expertise
required to identify these problems. There are exceptions of course. :-)
- Yes, installing shareware code can lead to introducing integrity
exposures if you are not careful.
On 10/14/2010 12:24 PM, Lindy Mayfield wrote:
The whole point, I think, is to get it by the system's guys. Not sure how to do that.
So much easier on Windows. Still there are coming more and more "freeware" MVS
utilities, like showmvs. (It can run authorized I think, yes?) I don't think that it is
that carefully audited, somebody could slip something into there. Or some ported tool
like TSOCMD.
It would be very unlikely that something like that would get by you guys, but
good sysprogs are getting fewer and fewer, and, as an inside job perhaps,
someone may easily trick an admin into installing some useful utility that has
been compromised.
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
David Cole
Sent: Thursday, October 14, 2010 7:27 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Mainframe hacking?
At 10/14/2010 12:24 PM, Chris Craddock wrote:
(as Bob knows) it is impossible to create/install a malicious FLIH or
SVC or PC without already having the keys to the kingdom anyway.
That is the foundation of integrity and the reason why the installation
has to appropriately protect system datasets and APF libraries.
Well that's just the problem, Chris, isn't it... The keys to the kingdom really
are not well guarded. That's what my 2006 post was all about.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html