In <[EMAIL PROTECTED]>, on
04/15/2008
at 06:19 PM, Lindy Mayfield <[EMAIL PROTECTED]> said:
>__ Call an SVC that flips the JSCBAUTH bit back on. This is
>non-standard. If it is to be implemented even on a development system
>then added security needs to be built in to make sure it isn't misused.
I've yet to see one that didn't have security holes.
>__ Simply put all the authorized stuff into an SVC or PC routine.
With adequate validation and security controls.
>Are there more ways?
Probably; I prefer getting IBM to plug them even though that prevents me
from exploiting them.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
