An SVC runs in supervisor mode; that's a much stronger privilege than UID(0). It's trivial to write such an SVC, but any competent auditor would shoot you down if you suggested it.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Tom Brennan [t...@tombrennansoftware.com] Sent: Sunday, January 30, 2022 2:57 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: More of LOG4J The badcyber.com page points to a program calling a magic SVC. Maybe that's what David is referring to? But I didn't read/understand enough to see if they used UID=0 somehow to implement that SVC, or if they had to rely on it already being in place, or if this program was used at all. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN