On Mon, 1 Apr 2013 13:53:49 -0500, John Gilmore wrote: >Edward Jaffe has now, inevitably and I trhink wisely, blown the gaff. > >As some few of you perhaps did not already know, the prototypically C >data type of an SBCS string "of conceptually unlimited length", EOS >delimited by a nul, x'00', has been exploited over and over again to >do great mischief. > >The LONGPARM-enablement flag provided by the Binder for authorized >programs that request it provides some protection against the misuse >of 32760 PARM bytes for malicious purposes. > It is sufficient unless a programmer thoughtlessly asserts LONGPARM on an AC=1 executable that does not validate its PARM.
>We shall see whether it is enough protection. I suspect that it is >not. I could, if I wished, write a species of bootstrap loader in >much less than 32760 bytes that would read more from the PARMDD data >set; and I can think of others, regular contributors here, who could >do a better job of it. I do not, however, have a better alternative >suggestion to make within this design framework. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
