× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.





Gary,

I'll allow hole plugs to be posted...without any problems...:)

This might also make for a good article or series...and hopefully the main
magazine won't chose to reprint them as I really hate paying for the same
things more than once....:)

Don in DC
MI400 List mgr...

---------

On Fri, 9 Jun 2000, Gary Guthrie wrote:

> Dan,
> 
> I've kept a lid on this hole for a long, long time. It appears that it
> is now becoming common knowledge. You have almost everything you need to
> take care of the problem except perhaps a little work management
> knowledge. I'll send you details on plugging this hole (unfortunately,
> there are other holes).
> 
> Gary Guthrie
> 
> 
> 
> "Bale, Dan" wrote:
> > 
> > Since the startup program can be secured, would this be a good interim step
> > until (if?) IBM fixes this bug?  Would you be willing to publish this
> > "eraser"?
> > 
> > - Dan Bale
> > 
> > > -----Original Message-----
> > > From: Leif Svalgaard [SMTP:leif@leif.org]
> > > Sent: Friday, June 09, 2000 1:13 PM
> > > To:   MI400@midrange.com
> > > Subject:      Re: setsppfp bug
> > >
> > > From: Bale, Dan <DBale@lear.com>
> > >
> > > > Well, this has been a fascinating, eye-opening, experience.  I have
> > > > retrieved several user IDs and passwords now.  So now we have a real,
> > > live,
> > > > working sniffer at level 30 & below.
> > > >
> > > > Don already asked the general question (and didn't get a direct answer),
> > > so,
> > > > what are the practical steps a shop can take *NOW* to prevent someone
> > > from
> > > > using the setsppfp API?  Can we slap *exclude authority on the object?
> > > > Oops, I see there's no object by that name.  Is there a way to sniff the
> > > > sniffer?  In other words, is there a way to tell if someone else is
> > > using
> > > > the setsppfp procedure?
> > >
> > > I think that Steve Glanstein's suggestion about having a startup program
> > > that erases the information in the buffer is one way to go. Both Steve and
> > > I have written such a program. The hole is that IBM does not erase it,
> > > but just lets it sit.
> > +---
> > | This is the MI Programmers Mailing List!
> > | To submit a new message, send your mail to MI400@midrange.com.
> > | To subscribe to this list send email to MI400-SUB@midrange.com.
> > | To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
> > | Questions should be directed to the list owner/operator: dr2@cssas400.com
> > +---
> +---
> | This is the MI Programmers Mailing List!
> | To submit a new message, send your mail to MI400@midrange.com.
> | To subscribe to this list send email to MI400-SUB@midrange.com.
> | To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: dr2@cssas400.com
> +---
> 

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.