Which is why I used to have a mod to prevent users from getting a R/W
190 or 19E via FTP. Maliciousness aside, I didn't want them trashing my
SSTAT and YSTAT !
Strasser, [EMAIL PROTECTED] wrote:
I know I'm coming a little late to this party, but this is *almost* what
Richard is looking for. This qualifies as a penetration, but not a penetration
*by hackers*.
Back when the FTP server was modified (rewritten?) to use the new surrogate
facility in CP, we had a user who tried to FTP a file to his 191 and entered
190 instead. Because of a bug this class G user was able to put a file on
MAINT's 190. It appeared that as long as you had a link in the directory, the
code didn't distinguish between read-only or read-write. We reported it, and it
was fixed by IBM in fairly short order. We also ran VM:Secure, but I believe
the vulnerability was a CP problem.
Now this was not an outside user or a planned attack, but the exposure *could* have been used by any class G user with bad intentions to replace any executable on the "S" disk.
Victor Strasser [EMAIL PROTECTED]
VM and Linux Support Unit
California Department of Technology Services
Phone: 916-464-4522
