, that number also has to be within certain
boundaries so the low bytes meet the same range check.
At 12:59 -0600 on 12/03/2013, Ray Overby wrote about Re:
Un-authorized caller calling authorized services.:
I'm not sure what you are saying there.
CH does not ignore the high order bytes
Sent: Tuesday, December 3, 2013 9:54:00 PM
Subject: Re: Un-authorized caller calling authorized services.
Definitely a large positive number over 2^16-1 (so there is something
other than zeros in the high 2 bytes).
The low 2 bytes have to be between x and x0008 to pass the CH
R1,=H8
On Wed, 4 Dec 2013 16:57:29 +, DASDBILL2 dasdbi...@comcast.net wrote:
It appears that if R1 contains a -4, -8, or -12, then the code will go into an
infinite loop. This would not cause a security breach, but it is still an
error.
Bill Fairchild
Franklin, TN
That is true, but given the
On Mon, 2 Dec 2013 13:36:43 -0600, Ray Overby ray.ove...@kr-inc.com wrote:
When creating authorized code I use the following guidelines:
- It is not good enough that the authorized code functions as
designed. Authorized code has a higher standard that it must adhere to.
Your code must not
flawed function code validation - If you pass a negative number or a
large positive number you can control where the SVC branches to. I have
seen these types of problems in the wild where I was able to branch to
a private area where any code you wanted could be executed.
Ray Overby
Key
In eqhp99hrteh41cg45872irb1a8ru18c...@4ax.com, on 12/02/2013
at 07:47 PM, Binyamin Dissen bdis...@dissensoftware.com said:
On Sun, 1 Dec 2013 18:04:18 -0500 Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
:In
:b6c1eb4364c30e47950e0f68ef65f467015...@proditmailbox1.us.syncsort.com,
In 2958507380311552.wa.woodagozemail.com...@listserv.ua.edu, on
12/03/2013
at 12:46 PM, Andy Wood woo...@ozemail.com.au said:
So what happens if it is called with a function code that is not a
multiple of 4? Actually, it has a bigger problem than that, can you
spot it?
ITYM a smaller problem
On 12/3/2013 1:59 PM, Ray Overby wrote:
flawed function code validation - If you pass a negative number or a
large positive number you can control where the SVC branches to. I have
seen these types of problems in the wild where I was able to branch to
a private area where any code you wanted
the same range check.
At 12:59 -0600 on 12/03/2013, Ray Overby wrote about Re:
Un-authorized caller calling authorized services.:
flawed function code validation - If you pass a negative number or a
large positive number you can control where the SVC branches to. I
have seen these types
trying to stay away from
having to add a new address space to the product
I have seen programs do the following:
- Create/Schedule an IRB to run in ASID=1 under what one
might call the NIP task (there is possibly no intended
interface to determine this task; it happens to be the task
that
On Sun, 1 Dec 2013 18:04:18 -0500 Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
:In
:b6c1eb4364c30e47950e0f68ef65f467015...@proditmailbox1.us.syncsort.com,
:on 11/30/2013
: at 09:53 PM, Blaicher, Christopher Y. cblaic...@syncsort.com
:said:
:
:- Don't ever read data from a
-authorized caller calling authorized services.
In 021001ceee3c$9f1fe880$dd5fb980$@TheThomasResidence.us, on
11/30/2013
at 08:25 PM, Jim Thomas j...@thethomasresidence.us said:
In a nutshell, I'm trying to find out what the best way is for an
un-authorized caller to call / invoke a SRB.
It can't
On 1 December 2013 20:47, Jim Thomas j...@thethomasresidence.us wrote:
That said, AFAIK, there's really not much, save but for a RACROUTE
REQUEST=AUTH perhaps, that I could do in terms of validation, I could do.
Then again, even w/a RACROUTE/AUTH, it
still does not guarantee integrity.
All
@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
On Sat, 30 Nov 2013 21:53:06 + Blaicher, Christopher Y.
cblaic...@syncsort.com wrote:
:There are a number of things you need to do to prevent an integrity
exposure. At one point I saw a presentation by IBM
TPROT
TPROT can tell you it is not OK. It almost never can tell you fully it
is OK because of time-of-check to time-of-use exposures.
In a nutshell, I'm trying to find out what the best way is for
an un-authorized caller to call / invoke
a SRB.
Not only is there no best way there is no way.
It might be helpful to have the OP tell us _exactly_ what authorized
function he needs to be done on behalf of his unauthorized user program.
Perhaps there is another way to get 'er done.
--
For IBM-MAIN subscribe / signoff /
On Sat, 30 Nov 2013 20:25:36 -0600, Jim Thomas j...@thethomasresidence.us
wrote:
My service is a SRB and given, SRBPARM, will be executing some code that I
am given.
That sounds extremely unsafe, from a system integrity perspective. In general
you cannot depend on an unauthorized caller to
Subject: Re: Un-authorized caller calling authorized services.
TPROT
TPROT can tell you it is not OK. It almost never can tell you fully it is
OK because of time-of-check to time-of-use exposures.
In a nutshell, I'm trying to find out what the best way is for an
un-authorized caller to call
caller calling authorized services.
On Sat, 30 Nov 2013 20:25:36 -0600, Jim Thomas j...@thethomasresidence.us
wrote:
My service is a SRB and given, SRBPARM, will be executing some code
that I am given.
That sounds extremely unsafe, from a system integrity perspective. In general
you cannot depend
suggestions and advice.
Kind Regards.
Jim Thomas
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Rob Scott
Sent: Sunday, December 01, 2013 8:10 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services
In
b6c1eb4364c30e47950e0f68ef65f467015...@proditmailbox1.us.syncsort.com,
on 11/30/2013
at 09:53 PM, Blaicher, Christopher Y. cblaic...@syncsort.com
said:
- Don't ever read data from a caller's address space when you are
not in the caller's key.
MVCK
- Don't EVER, EVER write data to a
In 021001ceee3c$9f1fe880$dd5fb980$@TheThomasResidence.us, on
11/30/2013
at 08:25 PM, Jim Thomas j...@thethomasresidence.us said:
In a nutshell, I'm trying to find out what the best way is for an
un-authorized caller to call / invoke a SRB.
It can't. The only ways for unauthorized code to
, thank you everybody.
Kind Regards.
Jim Thomas
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Shmuel Metz (Seymour J.)
Sent: Sunday, December 01, 2013 5:12 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling
On Sat, 30 Nov 2013 14:08:39 -0600 Jim Thomas j...@thethomasresidence.us
wrote:
:I have an authorized service that I've written but needs to be able to allow
un-authorized callers
:to use.
:Could anybody please provide any direction on the best way to implement this
??. I've already
:looked
Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Binyamin Dissen
Sent: Saturday, November 30, 2013 3:09 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
On Sat, 30 Nov 2013 14:08:39 -0600 Jim Thomas j...@thethomasresidence.us
wrote:
:I have
...@syncsort.com
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Jim Thomas
Sent: Saturday, November 30, 2013 3:09 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
Forgive me,
I have
Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Blaicher, Christopher Y.
Sent: Saturday, November 30, 2013 3:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
There are a number of things you need
, Christopher Y.
Sent: Saturday, November 30, 2013 3:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
There are a number of things you need to do to prevent an integrity exposure.
At one point I saw a presentation by IBM on this, but right now I can't
On Sat, 30 Nov 2013 21:53:06 + Blaicher, Christopher Y.
cblaic...@syncsort.com wrote:
:There are a number of things you need to do to prevent an integrity exposure.
At one point I saw a presentation by IBM on this, but right now I can't place
my hands on it. If I do find it, I will post
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Un-authorized caller calling authorized services.
On Sat, 30 Nov 2013 21:53:06 + Blaicher, Christopher Y.
cblaic...@syncsort.com wrote:
:There are a number of things you need to do to prevent an integrity
exposure. At one point I saw a presentation by IBM