Again, level 50 is not a trivial step up from level 30, is it? Maybe I'm letting my ignorance show (since I've never personally been involved in any decision per the security level), but aren't there a *lot* of other considerations involved before you just "flip the switch"? If not, then why doesn't everyone just change to level 50?

Yes, the LOGINP is a gaping bugger, but I can easily secure the signon display file(s).

How would I modify Gene's program to actually update the first 20 bytes of the ODP?

- Dan Bale

> -----Original Message-----
> From: dhandy@isgroup.net [SMTP:dhandy@isgroup.net]
> Sent: Friday, June 09, 2000 4:38 PM
> To: MI400@midrange.com
> Subject: Re: setsppfp bug
>
> Dan,
>
> >what are the practical steps a shop can take *NOW* to prevent someone from
> >using the setsppfp API?
>
> Option 1: Run level 50. Also secure your sign-on DSPF from changes.
> Implement a means to watch for new or changed objects running in the
> system state.
>
> Option 2: Make a minor variation of Gene's program, but when you find
> that the first byte of "Work" is not 0 or 1, then alter the first 20
> bytes of Work to blanks or another filler character. Create a CL
> program which calls this RPG, then does a TFRCTL to QCMD. Make your
> CL the routing entry which gets called in each interactive subsystem in
> place of QCMD. Your program will then get control fairly quickly
> after sign-on to clear the buffer data. I suspect there is still a
> small window of exposure here. Secure routing entries from being
> changed, and ensure current routing entries do not have a trojan horse
> or sniffer.
>
> And secure your sign-on DSPF from changes.
>
> What amazes me is how much attention Gene's 17-line RPG program is
> attracting, while nobody has said anything about the 1-line DDS change
> which works even at security level 50! Like so many things, it seems
> so blatantly obvious when you hear about it. It makes you wonder why
> you didn't think of it years ago.
>
> I'm not saying Gene's program doesn't deserve the attention it gets --
> it does -- but why has nobody mentioned the trivial LOGINP exploit?
>
> I'd hesitate to call either of the techniques a "bug", but exploit
> seems like a good word.
>
> Doug

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.