No one was asking for details on how to attach a task but since Mr. Gilmore requires a full explanation, the SRB schedules an IRB that does the attach. My point was that you can do anything with an SRB. Some of the hacks on Windows and Unix are far more complicated than this but someone always seems to abuse them. What makes this any different.
Peter's comments are about inherent risk in a single SRB. Risk is assessed through probability which is more than a single occurrence. With zIIP, we must be running in thousands of times the workload to achieve the payback that customers see. Much more code executing under an SRB. Product support staff's that never looked at an SRB because it was easier just to pass it on to development. Training staff on code that should never be moved to an SRB because of security exposure (e.g. end user programming languages implemented within a product). Vendor products that never used an SRB will start using SRB's. Most of these SRB's will be running key 8 and will never issue modeset. Inadvertant errors are not a problem. In the past, we would never have end user code run in an SRB. With zIIP, a large portion of our code is now being consider SRB eligible. Some of that code run's under TCB's that never had authorization where end users could never abuse it will now be a potential exposure. Proverbial saying: can't see the forest for the tree's. Jon Perryman >________________________________ > From: John Gilmore <[email protected]> >To: [email protected] >Sent: Sunday, November 3, 2013 11:42 AM >Subject: Re: Security exposure of zXXP was Re: zIIP simulation > > >I will not comment on Mr. Perryman's suspicions, which are not arguments. > >I will limit myself to noting that 1) an SRB cannot attach a subtask >and 2) a [different] SRB that it scheduled into another address space >would also disabled for I/O. > >Peter Relson's point is the important one here. > >The use of these facilities by the unwashed certainly has great >potential for bringing >down z/OS. The security threat posed by an SRB executed on a cheap >zIIP, zAAP, or the like is not, however, any greater in any way than >the security threat of an SRB executed on an expensive standard CP. > >As Lewis Carroll put it in THOTS: > >Just the place for a Snark! I have said it twice: >That alone should encourage the crew. >Just the place for a Snark! I have said it thrice: >What I tell you three times is true. > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
