START will take all sorts of JCL statements as parameters. You can use it to recreate data sets that are needed for other things to start. Lennie
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Seymour J Metz Sent: 19 December 2023 14:52 To: [email protected] Subject: Re: Z/OS Survey - Unusuall system commands No, START. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Itschak Mugzach <[email protected]> Sent: Tuesday, December 19, 2023 9:23 AM To: [email protected] Subject: Re: Z/OS Survey - Unusuall system commands Seymour, Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using these weaknesses... BTW, I like your new Hebrew signature! ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: http://secure-web.cisco.com/1HFDwSALATpGpnOVQ1twvj_azjQO-49TCl66YZFiSGexFVtgJkqArNBLWq14ILxHxchctP5jw0R07PXsqOKidaa7KQIrorgeG3cKJFduizLKhcHE53HCgRQOzbg0MS58ChodSKN6oOU3P8VYqWoIFF2VRL2uFOaZHToBmQGAIQaDFnXV_E5uCdm4BtBTPzrXc3PotMpXndQTj6ODKe5CFxgJcAJc5buY2MuxA3pEIbImngo8exnCd4M59AKiKEyS7qfrtV6rA_YyljMDw7kVJ08WUO3oIEzKtbsZ0MsXUkEmAf4g04v5Nj9_rp4LWAaUBU7MRo2yZ1OgOnR8gDdWnKX1eMDIh5JQUTBRlrVqqjKKGmBNqMiqMGKHF2e_Q8PEItrsFtFUT1aCntdwgf_JNQ_V6Z592kGusGuZ5V9EmTj0/http%3A%2F%2Fwww.Securiteam.co.il **|* On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz <[email protected]> wrote: > I you control your console commands through SAF, you have fairly fine > granularity. > > BTW, a couple of decades ago I reported a similar issue .on a command > that is extremely common. If you're doing an audit, look at the > common commands in addition to the rare ones. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on > behalf of ITschak Mugzach <[email protected]> > Sent: Tuesday, December 19, 2023 3:12 AM > To: [email protected] > Subject: Z/OS Survey - Unusuall system commands > > There are some MVS commands that are hard to understand how and why > they were created. What bothers me is the fact that the input of the > commands that modify MVS behavior allows input from private dataset. > These are the first commands I am trying when I do a pentest... > For example: > *SETLOAD* allows on-the-fly change of parmlib concatenation using a > dataset that is not part of the parmlib concatenation itself. for > example: SETLOAD 03,PARMLIB,DSN=sys4.relson TCPCIP *OBEY* command > allows specification of TCPIP configuration from a private library. > > How frequent do you use these commands (if ever) and how do you > identify the use (assuming that the commands are protected by your > ESM). I wonder why IBM allows such a scenario. > > ITschak > > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Continuous > Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
