On Sat, 18 May 2013 15:17:22 -0500, John McKown wrote: >http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two > >basically the person must be able to ftp into a UNIX subdirectory and >to submit a job. They upload a program called "netcat" into a data set >starting with their RACF id. They then submit a job which copies the >data set into the /tmp subdirectory with a "random" name, chmod the >name to be executable, then executes does starts the netcat in the >"background" (asynchronous to the batch job) and piping to/from the >z/OS UNIX shell. The "hacker" simply connects to the port that netcat >is listening on, and presto, they have a shell on their desktop. > And the batch job may be submitted via FTP; the hacker needn't have a TSO session. And it's pretty obvious that FTP submit doesn't use TSO SUBMIT internally, so it's fairly likely that the TSO exits won't be entered.
I was surprised when the z/OS FTP server gained the ability to deal with named pipes -- that feels risky. I wonder who required it. Named pipes on client -- not so bad. Years ago in one of these fora I suggested that xterm might be used as this article suggests netcat. That would put the server (X11) on the desktop and the client on the z -- no need to listen on a port. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
