On Sat, 17 Mar 2007 15:40:40 -0300, Clark Morris wrote:
>
> >No problem at all. My /SMPNTS is in its own HFS file and is multivolume,
> >not on a RES type pack at all. I plan to "cheat" in that I now have a
> >Linux desktop. I plan to NFS mount the /SMPNTS subdirectory to that
> >desktop and keep the Internet downloaded files there instead of on a
> >z/OS UNIX file. As best as I can tell, it should work.
>
> Doesn't this introduce a security issue in that you could modify the
> IBM download?
>

Well, yes. But actually, no; it just makes it easier. Deprived of this technique, he could do a RECEIVE FROMNETWORK; modify the TLIBs with AMASPZAP; rebuild the download with GIMZIP and be in the same position. Actually, it's easier that way, because GIMZIP recalculates the SHA1 checksums for him.

To be secure, his administrators should remove GIMZIP and AMASPZAP from his system, and make sure he has neither the tools nor the authority to modify APF authorized libraries.

In fact, any modification to the download is readily detected by verifying the checksums against the originals at the IBM site. This verification would be easier if SMP/E logged the checksums during the RECEIVE. But you would need to make sure he doesn't counterfeit the logs. Or do a MITM intrusion to the checksum verification. Etc.

-- gil
--
StorageTek
INFORMATION made POWERFUL
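
Added example, not part of the original message or of SMP/E: a Python sketch of the verification the reply describes, showing that a checksum list regenerated alongside the package always agrees with it, while a reference list held outside the package flags the change. The file names, the `manifest.json` name and the JSON layout are assumptions made for illustration, and the package contents are constructed sample data.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name for the checksum list shipped inside the package

def sha1_of(path):
    """SHA-1 of a file, read in chunks (SHA-1 is the digest the thread names)."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(pkg_dir):
    """Recompute digests from the directory as it is now (stands in for a rebuild step)."""
    pkg = Path(pkg_dir)
    return {p.relative_to(pkg).as_posix(): sha1_of(p)
            for p in sorted(pkg.rglob("*")) if p.is_file() and p.name != MANIFEST}

def verify(pkg_dir, reference):
    """Compare the directory with a reference manifest; return sorted (file, problem) pairs."""
    local = build_manifest(pkg_dir)
    problems = []
    for name in sorted(set(local) | set(reference)):
        if name not in reference:
            problems.append((name, "unexpected"))
        elif name not in local:
            problems.append((name, "missing"))
        elif local[name] != reference[name]:
            problems.append((name, "modified"))
    return problems

def demo():
    """Constructed package: check it against the bundled manifest, then the independent one."""
    with tempfile.TemporaryDirectory() as d:
        pkg = Path(d)
        (pkg / "part1.bin").write_bytes(b"constructed sample data 1\n")
        (pkg / "part2.bin").write_bytes(b"constructed sample data 2\n")
        reference = build_manifest(pkg)            # copy held outside the package
        # The package changes and its bundled manifest is regenerated to match.
        (pkg / "part2.bin").write_bytes(b"constructed sample data 2, altered\n")
        (pkg / MANIFEST).write_text(json.dumps(build_manifest(pkg)))
        bundled = json.loads((pkg / MANIFEST).read_text())
        return verify(pkg, bundled), verify(pkg, reference)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the path by which the reference list was obtained and stored, which is the point the reply makes about counterfeit logs and an intercepted verification.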

