Wrong thread, Lennie...

Itschak
Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform | Information Security Continuous Monitoring for Z/OS, zLinux and IBM I
Email: [email protected] | Mob: +972 522 986404 | Skype: ItschakMugzach | Web: www.Securiteam.co.il

On Wed, Dec 20, 2023 at 3:35 PM Lennie Dymoke-Bradshaw <[email protected]> wrote:

> Maybe my statement needs correcting. I meant DD parameters, rather than
> JCL statements.
> I have done this, but it was over 30 years ago. I believe you can specify
> many JCL parameters which can go on DD statements. These are then applied
> to the IEFRDER DD statement.
> Happy to be corrected if someone else has better knowledge or if behaviour
> has changed since then.
>
> Lennie Dymoke-Bradshaw
> https://rsclweb.com
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf
> Of Seymour J Metz
> Sent: 20 December 2023 12:31
> To: [email protected]
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> ?
>
> What JCL statements can START provide? As for parameters, that's limited
> to JOB, EXEC and DD.
>
> Of course, that's enough for a competent auditor to check who can use what.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> ________________________________________
> From: IBM Mainframe Discussion List <[email protected]> on behalf
> of Lennie Dymoke-Bradshaw <[email protected]>
> Sent: Tuesday, December 19, 2023 7:33 PM
> To: [email protected]
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> START will take all sorts of JCL statements as parameters. You can use it
> to recreate data sets that are needed for other things to start.
> Lennie
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf
> Of Seymour J Metz
> Sent: 19 December 2023 14:52
> To: [email protected]
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> No, START.
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
> עַם יִשְׂרָאֵל חַי
> נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
>
> ________________________________________
> From: IBM Mainframe Discussion List <[email protected]> on behalf
> of Itschak Mugzach <[email protected]>
> Sent: Tuesday, December 19, 2023 9:23 AM
> To: [email protected]
> Subject: Re: Z/OS Survey - Unusuall system commands
>
> Seymour,
> Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using
> these weaknesses...
>
> BTW, I like your new Hebrew signature!
>
> ITschak
>
> On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz <[email protected]> wrote:
>
> > If you control your console commands through SAF, you have fairly fine
> > granularity.
> >
> > BTW, a couple of decades ago I reported a similar issue on a command
> > that is extremely common. If you're doing an audit, look at the
> > common commands in addition to the rare ones.
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> > עַם יִשְׂרָאֵל חַי
> > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
> >
> > ________________________________________
> > From: IBM Mainframe Discussion List <[email protected]> on
> > behalf of ITschak Mugzach <[email protected]>
> > Sent: Tuesday, December 19, 2023 3:12 AM
> > To: [email protected]
> > Subject: Z/OS Survey - Unusuall system commands
> >
> > There are some MVS commands that are hard to understand how and why
> > they were created. What bothers me is the fact that the input of the
> > commands that modify MVS behavior allows input from a private dataset.
> > These are the first commands I am trying when I do a pentest...
> > For example:
> > *SETLOAD* allows on-the-fly change of parmlib concatenation using a
> > dataset that is not part of the parmlib concatenation itself. For
> > example: SETLOAD 03,PARMLIB,DSN=sys4.relson
> > TCPIP *OBEY* command allows specification of TCPIP configuration from
> > a private library.
> >
> > How frequently do you use these commands (if ever) and how do you
> > identify the use (assuming that the commands are protected by your
> > ESM). I wonder why IBM allows such a scenario.
> >
> > ITschak
> >
> > ITschak Mugzach
> > IronSphere Platform | Information Security Continuous Monitoring for
> > z/OS, x/Linux & IBM I | z/VM coming soon
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to [email protected] with the message: INFO IBM-MAIN
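
A detection sketch for the question raised in the original post (how to identify use of SETLOAD and OBEY with a private data set), added here as an example and not part of the thread. It assumes the command text has already been extracted from the console log; the approved data set names, the sample lines, and the `DSNAME=` and `VARY TCPIP,,OBEYFILE` operand forms are assumptions beyond the one SETLOAD example on the page.

```python
import re

# Assumption: data sets the site accepts as command input (hypothetical names).
APPROVED = {"SYS1.PARMLIB", "SYS1.TCPPARMS"}

# SETLOAD xx,PARMLIB[,DSN=dsn]  (DSNAME= assumed as the long form of DSN=)
SETLOAD_RE = re.compile(r"^SETLOAD\s+[A-Z0-9@#$]{2},PARMLIB(?:,(?P<opts>.*))?$", re.I)
# VARY TCPIP,[procname],OBEYFILE,[DSN=]dsn  (assumed form; V and O as short forms)
OBEY_RE = re.compile(r"^(?:VARY|V)\s+TCPIP,[^,]*,(?:OBEYFILE|O),(?P<rest>.+)$", re.I)


def _dataset(value):
    """Normalize a data set operand: drop quotes and any (member), uppercase."""
    name = value.strip().strip("'\"")
    return name.split("(", 1)[0].upper()


def check_command(text):
    """Return (command, dataset) when an unapproved data set is named, else None."""
    cmd = text.strip()
    m = SETLOAD_RE.match(cmd)
    if m:
        for opt in (m.group("opts") or "").split(","):
            key, _, val = opt.partition("=")
            if key.strip().upper() in ("DSN", "DSNAME") and val:
                ds = _dataset(val)
                return None if ds in APPROVED else ("SETLOAD", ds)
        return None  # no explicit data set operand, nothing to compare
    m = OBEY_RE.match(cmd)
    if m:
        operand = m.group("rest").split(",")[0]
        if operand.upper().startswith("DSN="):
            operand = operand[4:]
        ds = _dataset(operand)
        return None if ds in APPROVED else ("OBEYFILE", ds)
    return None


def scan(lines):
    """Return (line_number, command, dataset) for every flagged command."""
    return [(n, *hit) for n, line in enumerate(lines, 1) if (hit := check_command(line))]


# Constructed sample input; the first line is the example quoted in the thread.
SAMPLE = [
    "SETLOAD 03,PARMLIB,DSN=sys4.relson",
    "SETLOAD 00,PARMLIB,DSN=SYS1.PARMLIB",
    "V TCPIP,,O,DSN=USER1.TCPIP(OBEY1)",
    "VARY TCPIP,TCPIP1,OBEYFILE,SYS1.TCPPARMS(OBEYOK)",
    "D A,L",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```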
