× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MI400
  3. June 2000

Re: setsppfp bug

  • Subject: Re: setsppfp bug
  • From: Gary Guthrie <GaryGuthrie@xxxxxxxx>
  • Date: Fri, 09 Jun 2000 13:31:18 -0500
 
Dan,

I've kept a lid on this hole for a long, long time. It appears that it
is now becoming common knowledge. You have almost everything you need to
take care of the problem except perhaps a little work management
knowledge. I'll send you details on plugging this hole (unfortunately,
there are other holes).

Gary Guthrie



"Bale, Dan" wrote:
> 
> Since the startup program can be secured, would this be a good interim step
> until (if?) IBM fixes this bug?  Would you be willing to publish this
> "eraser"?
> 
> - Dan Bale
> 
> > -----Original Message-----
> > From: Leif Svalgaard [SMTP:leif@leif.org]
> > Sent: Friday, June 09, 2000 1:13 PM
> > To:   MI400@midrange.com
> > Subject:      Re: setsppfp bug
> >
> > From: Bale, Dan <DBale@lear.com>
> >
> > > Well, this has been a fascinating, eye-opening, experience.  I have
> > > retrieved several user IDs and passwords now.  So now we have a real,
> > live,
> > > working sniffer at level 30 & below.
> > >
> > > Don already asked the general question (and didn't get a direct answer),
> > so,
> > > what are the practical steps a shop can take *NOW* to prevent someone
> > from
> > > using the setsppfp API?  Can we slap *exclude authority on the object?
> > > Oops, I see there's no object by that name.  Is there a way to sniff the
> > > sniffer?  In other words, is there a way to tell if someone else is
> > using
> > > the setsppfp procedure?
> >
> > I think that Steve Glanstein's suggestion about having a startup program
> > that erases the information in the buffer is one way to go. Both Steve and
> > I have written such a program. The hole is that IBM does not erase it,
> > but just lets it sit.
> +---
> | This is the MI Programmers Mailing List!
> | To submit a new message, send your mail to MI400@midrange.com.
> | To subscribe to this list send email to MI400-SUB@midrange.com.
> | To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: dr2@cssas400.com
> +---
+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.