On 28 August 2012 23:28, Paul Gilmartin <paulgboul...@aim.com> wrote:
> Actually, in HLASM I could do anything, even write my own TMP. If I wanted > to. > If I knew how. Couldn't I? You perhaps could, but the how is no longer documented, and requires use of OCO control blocks. IBM used to have a manual called Guide to Writing a Terminal Monitor Program or a Command Processor (or maybe the two topics were the other way around in the title), but that was dropped in TSO/E, and replaced with a TSO/E Programming Guide, which has little to say about the TMP, and nothing at all about writing one. One might still be able to write an unauthorized TMP using a combination of current and pre-TSO/E documentation, but it would be difficult to support REXX and a number of other facilities. Of course it can be argued that IEFBR14 is a TMP, but to go much beyond that degenerate example would take a good deal of effort. > And If I can prompt for passwords, I can > copy them. Sounds like a security exposure to me. I'm not sure I see the exposure. If you are in a position to present a fake logon screen, then you can of course capture passwords. This exposure has been well known for half a century and was commonly exploited in university terminal rooms of the 1970s. Any TSO application program can issue a "logon" screen, and hope for the gullible to pass by; it has nothing to do with writing a TMP that I can see. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
