That only works if there is such an SVC. A competent auditor would red flag it immediately. Alas, not every auditor is competent :-(
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Itschak Mugzach [[email protected]] Sent: Sunday, January 30, 2022 3:07 AM To: [email protected] Subject: Re: More of LOG4J Tom, This is an old trick that allows a program to call SVC to switch to supervisor mode and key zero. Once you are there, you can do almost everything. for example, login to another user without specifying a password, use the bypass userid, and so on. However, David only mentions a facility that is quite common, but hasn't proved it was used in an illegal operation. Best, ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
