An SVC runs in supervisor mode; that's a much stronger privilege than UID(0). It's trivial to write such an SVC, but any competent auditor would shoot you down if you suggested it.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Tom Brennan [[email protected]] Sent: Sunday, January 30, 2022 2:57 AM To: [email protected] Subject: Re: More of LOG4J The badcyber.com page points to a program calling a magic SVC. Maybe that's what David is referring to? But I didn't read/understand enough to see if they used UID=0 somehow to implement that SVC, or if they had to rely on it already being in place, or if this program was used at all. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
