No, START. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Itschak Mugzach <00000305158ad67d-dmarc-requ...@listserv.ua.edu> Sent: Tuesday, December 19, 2023 9:23 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands Seymour, Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using these weaknesses... BTW, I like your new Hebrew signature! ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: http://secure-web.cisco.com/1HFDwSALATpGpnOVQ1twvj_azjQO-49TCl66YZFiSGexFVtgJkqArNBLWq14ILxHxchctP5jw0R07PXsqOKidaa7KQIrorgeG3cKJFduizLKhcHE53HCgRQOzbg0MS58ChodSKN6oOU3P8VYqWoIFF2VRL2uFOaZHToBmQGAIQaDFnXV_E5uCdm4BtBTPzrXc3PotMpXndQTj6ODKe5CFxgJcAJc5buY2MuxA3pEIbImngo8exnCd4M59AKiKEyS7qfrtV6rA_YyljMDw7kVJ08WUO3oIEzKtbsZ0MsXUkEmAf4g04v5Nj9_rp4LWAaUBU7MRo2yZ1OgOnR8gDdWnKX1eMDIh5JQUTBRlrVqqjKKGmBNqMiqMGKHF2e_Q8PEItrsFtFUT1aCntdwgf_JNQ_V6Z592kGusGuZ5V9EmTj0/http%3A%2F%2Fwww.Securiteam.co.il **|* On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz <sme...@gmu.edu> wrote: > I you control your console commands through SAF, you have fairly fine > granularity. > > BTW, a couple of decades ago I reported a similar issue .on a command that > is extremely common. If you're doing an audit, look at the common commands > in addition to the rare ones. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > ________________________________________ > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf > of ITschak Mugzach <imugz...@gmail.com> > Sent: Tuesday, December 19, 2023 3:12 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Z/OS Survey - Unusuall system commands > > There are some MVS commands that are hard to understand how and why they > were created. What bothers me is the fact that the input of the commands > that modify MVS behavior allows input from private dataset. These are the > first commands I am trying when I do a pentest... > For example: > *SETLOAD* allows on-the-fly change of parmlib concatenation using a dataset > that is not part of the parmlib concatenation itself. for example: SETLOAD > 03,PARMLIB,DSN=sys4.relson > TCPCIP *OBEY* command allows specification of TCPIP configuration from a > private library. > > How frequent do you use these commands (if ever) and how do you identify > the use (assuming that the commands are protected by your ESM). I wonder > why IBM allows such a scenario. > > ITschak > > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Continuous Monitoring > for z/OS, x/Linux & IBM I **| z/VM coming soon * > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
