Re: SNA datastream

-----Original Message-----
From: Jason M. Felice <jasonf@Baldwingroup.COM>


>In any case, given how the 5250 protocol is designed, the AS/400 being
>susceptible to a buffer overflow attack is very possible given all the
>differnet structures expected to be different sizes in the 5250 data
stream.
>It's a much more complicated protocol than plain telnet, and therefore much
>more likely to have weeknesses.


I would draw the opposite conclusion, Jay. The rigorous definition of the
SNA
datastream, with each field strictly bounded by its length, IMO is designed
to
reduce rather than increase the scope for errors.  Of course I haven't seen
the OS/400 source code but I'd be willing to bet that it's 100% rock solid
in
this respect.

What you've got to remember is that OS/400 was built by IBM programmers
working in a culture where this kind of highly structured data had been the
norm for 20 years.  When I first saw Unix after 15 years of mainframe
programming, I couldn't believe how loosely defined protocols like SMTP and
Telnet could be made to work.  Now I've got more experience of Unix I
understand how it's possible for seasoned Unix programmers to design
reasonably robust implementations around these protocols.

Mainframe and Unix are quite simply at poles apart in their philosophy --
that's why I find the fusion of the two cultures so fascinating.

Cheers, Roger Bowler


+---
| This is the LINUX5250 Mailing List!
| To submit a new message, send your mail to LINUX5250@midrange.com.
| To subscribe to this list send email to LINUX5250-SUB@midrange.com.
| To unsubscribe from this list send email to LINUX5250-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---