RE: work files in qtemp -- RPG400-L

Hi Ken,

<snip> I don't think I'm being nit-picky. If Larry could do exactly what he said he could do, that would be a serious security issue. </snip>

<exactly what Larry said he could do>
You wouldn't believe how easy it is to get hold of another job's QTEMP
objects...

By the end of the day I'd written three VERY simple CL commands (and a
couple of processing programs in RPG) that allowed me to take control of any
job in the system and then force it to issue any commands I sent it.
</exactly what Larry said he could do>

I apologise if this statement conferred anything other than the ability I put forth in the code. But in my defence I specifically stated that my commands "force it to issue any commands I sent it". I think that is exactly what the code does. I did not mention accessing system objects beneath the MI or anything more mystical than simply telling another job to do what "I" want it to do.

Regarding security, if I access a job running under the QSECOFR profile I can grant myself *ALLOBJ authority. In fact I can grant myself ANY authority. I think that was enough to scare the heirarchy at my current workplace - that's why the CMDLOG part was put in. :-)

Anyway, I get your point. I just didn't mean what you thought I meant. Maybe I got your heart skipping and you was disappointed with the hack I presented, maybe not.

Cheers

Larry Ducie

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.