I am amazed at the uproar over this. Is there anything that a PCFLIH backdoor can accomplish that any AC=1 module in any APF authorized library cannot? Is there anyone else out there that is running any vendor code for which they have not done code reviews that is running AC=1 in any APF authorized library? Is there anyone else out there that is running any home grown code with an AC=1 in an APF authorized library for which they have not done code reviews? Is there anyone else out there that has libraries in the APF list that can be updated by anything other than there change control system that only allows modules that have been through code reviews to be installed in their APF authorized libraries?
How you allow code to get into supervisor state is of no consequence once it is in supervisor state so, unless you have a pristine system where every load module library on the system is totally locked down and only the OS libraries supplied by IBM appear in the APF list, you have by definition accepted exposures to system integrity. Does your management understand just how exposed you have left all the company secrets? Using a PCFLIH backdoor is only one of many techniques that can be used to accomplish getting yourself into supervisor state and sometimes it is the right technique and sometimes it is not. Back in the late 70's I wrote a PCFLIH backdoor because it was not only the correct technique it was the only technique that would work. My company and its sister companies had many 168APs that did not have the MVS/SE hardware assist installed. At that time IBM wanted about $150K per system for the hardware upgrade and we already had plans to replace all of them over the next 3 years with 3033s so there was no money to upgrade them. I wrote an SE hardware emulator that would run on Ups, APs, and MPs and while you got a 15% performance increase with the hardware upgrade and MVS/SE we still got around 12% with my PCFLIH hardware emulator and we were able to move to MVS/SE 3 years sooner that we could have had we all had to wait until all the 168s were replaced. If there was any criminal activity involved in this entire affair I believe it was on IBM's part for trying to charge us $150K per system for a microcode upgrade to a bunch of outdated systems and not on the part any PCFLIH code that I wrote so I outright reject your assertion that a PCFLIH backdoor is any more criminal than running any AC=1 module in any APF authorized library that you as the systems programmer have not personally code reviewed before you allowed it to run on any system that you are responsible for! Gene Pate CSX Technology Enterprise Architecture ----------------------------------------- This email transmission and any accompanying attachments may contain CSX privileged and confidential information intended only for the use of the intended addressee. Any dissemination, distribution, copying or action taken in reliance on the contents of this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error please immediately delete it and notify sender at the above CSX email address. Sender and CSX accept no liability for any damage caused directly or indirectly by receipt of this email. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
