I watched a Soldier of Fortran hacking video the other day where Phil
noted to an audience of Linux folks how odd it was that MVS loaded
parameters and settings into memory control blocks. In Unix they say,
"Everything is a file", which is as odd to me as I'm sure they all felt.
On 2/4/2022 12:35 PM, Matt Hogstrom wrote:
And this IMHO is why the shared access to OS control blocks without access
controls makes z/OS less secure than a Linux Kernel which is locked down. I
think the clarification is cover for “we have a significant read-only
vulnerability” that needs to be corrected. Giving away information that shares
attack vectors makes an attacker’s job easier.
Matt Hogstrom
PGP key 0F143BC1
On Feb 4, 2022, at 06:42, Radoslaw Skorupka <[email protected]> wrote:
IBM's clarification: the information in PARMLIB is accessible to any
non-privileged user via control blocks, CVT, etc.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
