An attacker who knew vendor product X included a magic SVC and who knew you had vendor product X (neither one being rocket science) would be all set, wouldn't he?
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tom Marchant Sent: Thursday, October 18, 2018 8:19 AM To: [email protected] Subject: Re: get ECSA key 7 storage under CICS On Thu, 18 Oct 2018 14:08:33 +0000, Barkow, Eileen wrote: >In order to call the SVC a programmer would have to know about it first as >well as have a need for it; >neither of which applied to any CICS application programmers. It isn't particularly difficult to take a dump, and search the SVC Table for a magic SVC that will put a program into supervisor state. It is a little harder to write a program to look for such an SVC. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
