Hi Eric, The article is not talking about zero-day vulnerabilities with respect to RACF or the other ESMs. A prime example of the type of vulnerability the article is referring to would be the recent discussion of the SVC that put the caller into key-zero supervisor state. A vulnerability like that can occur also with SVCs or PCs that do not properly handle their parameters and write to storage in key zero instead of in the callers key. There are multiple examples but these are just two.
Lou -- Artificial Intelligence is no match for Natural Stupidity - Unknown On Tue, Oct 30, 2018 at 9:59 AM Eric Verwijs < [email protected]> wrote: > http://www.eweek.com/security/taking-a-closer-look-at-mainframe-security > > What zero-day vulnerabilities would there be? I’ve not heard of unpatched > security holes in Z/OS before. > > Unless you are not properly managing your data, that is, limit access to > confidential information, how would someone get it? Aside from of course, > phishing and other attacks aimed at the users and not the machine itself. > > > > Regards, > Eric Verwijs > > Programmer-analyste, RPC, SV et solutions de paiement - Direction générale > de l'innovation, information et technologie > Emploi et Développement social Canada / Gouvernement du Canada > [email protected] > Téléphone 819-654-0934 > Télécopieur 819-654-1009 > > Programmer Analyst, CPP, OAS, and Payment Solutions - Innovation, > Information and Technology Branch > Employment and Social Development Canada / Government of Canada > [email protected] > Telephone 819-654-0934 > Facsimile 819-654-1009 > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
