RE: DB2UDB hack

PASE is not a closed off separate environment like the other environments
you use as examples.

Given that, it's hard to see how it can be considered anything but a native
i5/os service regardless of our opinions of it or it's security.

Would you consider the 36 environment a non-native i5/os service ? Seems to
me that falls into much the same space as PASE.

Regards
Evan Harris

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx

[mailto:midrange-l-bounces@xxxxxxxxxxxx]

On Behalf Of Joe Pluta
Sent: Thursday, 25 October 2007 10:03 a.m.
To: 'Midrange Systems Technical Discussion'
Subject: RE: DB2UDB hack

From: Joe Pluta

I guarantee they haven't performed a buffer overrun exploit on any
native i5/OS service, and it's fuzzy statements like "take advantage
of these leaks" that make me crazy.

Just to be clear, by "they" above, I mean your "benevolent hackers" and

not

anybody at IBM's labs. As I've noted, there's a theoretical possibility

that

someone with the skills of Leif Svalgaard and the knowledge of a bug in an

IBM

program MIGHT be able to somehow cause i5/OS to execute a data buffer, but

I'm

pretty comfortable nobody in the outside world has ever done so, or will

ever

do so.

And in case I haven't been crystal clear, I do not include PASE in this
statement. PASE is not i5/OS, any more than a Linux partition is or

Windows

running in VMWare on a Mac is OS X.

Joe