Gerard 46 wrote:
> If there were holes in zVM, they'd be closed. After all, ZVM is designed
> to not let anyone out of their sandbox, even if you have access to the
> source (as it was in the good ole days), and even back then looking at
> the source, it was a hard thing to do.
>
> Gerard S.

a little drift on the next, new, new (40 yr old) thing in security
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

a lot of attacks on systems in the past have frequently been some sort
of escalation of privileges. something has enough privileges to place a
file somewhere in the system that some other entity with more privileges
will execute.

automatic execution of code arriving in email (trojans/viruses) could be
classified this way. we actually had to look into a form of this in the
70s on the internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

... and formed some statements about automatic scripting of packages
arriving over the network.

lots of infrastructures are attacked at other vulnerability points ...
like harvesting of passwords for impersonation attacks. misc.
http://www.garlic.com/~lynn/subpubkey.html#harvest

during FS project
http://www.garlic.com/~lynn/subtopic.html#futuresys

there was a security effort to make much of the documents only available
electronically online via special cms systems (considered more secure than
having lots of paper flowing around). some of the people working on the
effort once made the rash statement that even if I was in the machine
room, "even" i wouldn't be able to access the documents. one of the few
times i rose to the bait, i countered with it might take five minutes.
turns out most of the time was spent disabling the machine from access
outside the machine room; because i was about to flip a bit in kernel
memory. the bit i flipped was in the branch instruction that followed
the return from the authentication checking routine (everything was
about to be taken as valid authentication).
