Ray Overby wrote: >I am a vendor so take my post with a grain of salt. For those that don't like >vendors to respond stop reading now...... (flame on)
I will take your post seriously. I have reviewed you webpage. Very interesting. You confirmed what I suspected, especially after those threads about [mis]use of SVC. One question if you don't mind please: Can you use or prove your point (elevating TSO, suppress SMF, etc) without being given access to a system in the first place? The idea is that you could enter a system and elevate yourself and place somewhere a signature to prove that you could 'white hack' the target system. Just a yes or no, please, because I realize that due to the nature not too much info can be divulged. >The ESM products did not stop the TSO user from exploiting this vulnerability. Very true. ESM is just a database. As said many times on RACF-L, it is the caller which call ESM, the ESM decides on what is found in its own database and report back with RC=0/4/8 plus reason codes. It is up to the whatever caller to honour the RC from an ESM. >If you are not concerned that your users can crash your z/OS system at any >time (maliciously or accidentally) As I have said, it is the INSIDER who are probably the greatest threat. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
