I guess you could call it hacking. Or just using a wide-open system :-) The user would need:
- network access to the FTP and listen port - firewalls could prevent - the TCP stack could limit (TERMINAL, SERVAUTH, etc) - access to FTP and ability to upload an executable file - an FTP exit could be used to prevent either - permission to submit a job SAF and/or a FTP exit could limit this - job would need permission to listen on a port - user could be prevented from running a shell "default program" in OMVS segment Kirk Wolf Dovetailed Technologies http://dovetail.com On Sat, May 18, 2013 at 3:17 PM, John McKown <[email protected]>wrote: > > http://mainframed767.tumblr.com/post/50574743147/big-iron-back-door-maintp-part-two > > basically the person must be able to ftp into a UNIX subdirectory and > to submit a job. They upload a program called "netcat" into a data set > starting with their RACF id. They then submit a job which copies the > data set into the /tmp subdirectory with a "random" name, chmod the > name to be executable, then executes does starts the netcat in the > "background" (asynchronous to the batch job) and piping to/from the > z/OS UNIX shell. The "hacker" simply connects to the port that netcat > is listening on, and presto, they have a shell on their desktop. > > > > -- > This is a test of the Emergency Broadcast System. If this had been an > actual emergency, do you really think we'd stick around to tell you? > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
