The problem with Service Virtual Machines is that they may not always be executing code under our control (maybe an RDB, an IPL'ed guest OS that's NOT CMS, etc.).

So the WAKEUP or SMSG solution doesn't always apply.

Furthermore, as far as security is concerned, virtual machines answering to SMSG was already the prime security issue (hence the possibility to disable a DIAG 8 to interpret 0x15 as a command separator.. Imagine a class B virtual machine answering : "MSGNOH Sorry you command "0x15DET 1910x15LINK <user> 191 191 RR0x15IPL CMS PARM AUTOCR") and the user's virtual machine 191 minidisk having a profile exec invoking a module doing a nice DIAG 84 to alter the target's virtual machine privilege classes to ABCDEFG.. Then with Class C, alter your own VMDBK to match the one of the one holding the CP Directory (thus circumventing any check on LINK passwords).. Yes I've done it, but that was +20 years ago, so prescription probably applies here (I hope)

Yes.. With VM/SP (and probably beyond), this was a real possibility.. And now unless you have command/diag overrides, RACF or any other process commanding access to those capabilities, it's still a real possibility.. (although DIAG 84 is pretty much protected by default thankfully).

--Ivan
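
An added illustration, not part of the original post: a service machine that echoes caller text into a command buffer can neutralise the 0x15 separator before building its reply. The function names, the cp037 code page, the userid check and the sample text are assumptions made for this sketch, and the buffer splitting is only a model of the behaviour the post describes.

```python
"""Added example: neutralising the 0x15 separator before echoing text."""

LINE_END = 0x15          # separator byte named in the post
EBCDIC = "cp037"         # assumed code page for this sketch
DOT = ".".encode(EBCDIC)[0]
PREFIX = "MSGNOH ".encode(EBCDIC)
SORRY = " Sorry, bad command: ".encode(EBCDIC)


def split_commands(buffer: bytes) -> list[bytes]:
    """Model of the behaviour the post describes: 0x15 splits the buffer."""
    return [part for part in buffer.split(bytes([LINE_END])) if part]


def naive_reply(user: bytes, echoed: bytes) -> bytes:
    """Unsafe pattern: caller-supplied bytes go into the buffer unchanged."""
    return PREFIX + user + SORRY + echoed


def sanitize(echoed: bytes, max_len: int = 80) -> bytes:
    """Truncate, then replace EBCDIC control bytes (0x00-0x3F, 0xFF) with '.'."""
    return bytes(DOT if (b < 0x40 or b == 0xFF) else b for b in echoed[:max_len])


def safe_reply(user: bytes, echoed: bytes) -> bytes:
    """Validate the userid (assumed 1-8 printable bytes), then echo sanitised text."""
    if not 1 <= len(user) <= 8 or any(b <= 0x40 or b == 0xFF for b in user):
        raise ValueError("unexpected userid bytes")
    return PREFIX + user + SORRY + sanitize(echoed)


# Constructed sample input: harmless text with an embedded 0x15.
SAMPLE_USER = "USER1".encode(EBCDIC)
SAMPLE_TEXT = "HELP".encode(EBCDIC) + bytes([LINE_END]) + "QUERY TIME".encode(EBCDIC)

if __name__ == "__main__":
    # The naive buffer splits into two commands, the sanitised one stays whole.
    print(len(split_commands(naive_reply(SAMPLE_USER, SAMPLE_TEXT))))
    print(len(split_commands(safe_reply(SAMPLE_USER, SAMPLE_TEXT))))
```
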
