New security holes? Was: Re: FW: paradox ? -- MI400

Gene,

does this mean that IBM's recent PTF to close the signon-password
hole really doesn't matter? Is this a new hole?

----- Original Message -----
From: <Gene_Gaunt/ReviewWorks@reviewworks.com>
To: <MI400@midrange.com>
Sent: Friday, July 14, 2000 3:03 PM
Subject: Re: FW: paradox ?


> Modules have states.  UPDPGM and UPDSRVPGM fail with CPD5CF7 if user state
> tries to bind with system state.  On level 30 a user state can reference
> the system domain, like the following RPGLE that still displays a
> workstation's  first "Read MDT Fields" input buffer.  The external
> parameter is a signed-on workstation name in the same subsystem that runs
> this program.
>
>      H dftactgrp( *no ) bnddir( 'QC2LE' )
>
>      D Pco             PR              *   extproc( '_PCOPTR' )
>
>      D Setsppfp        PR              *   extproc( 'setsppfp' )
>      D   Object                      16A   value
>
>      D Setsppo         PR              *   extproc( 'setsppo' )
>      D   Pointer                       *   value
>      D   Offset                      10U 0 value
>
>      D Work            DS                  based( Work@ )
>      D   Forward                     10U 0 overlay( Work :   1 )
>      D   Buffer@                       *   overlay( Work :  65 )
>      D   Request@                    16A   overlay( Work :  97 )
>      D   ODP@                          *   overlay( Work : 129 )
>      D   Table@                        *   overlay( Work : 225 )
>
>      C     *entry        plist
>      C                   parm                    Display          10
>
>      C                   eval      *INLR = *on
>      C                   if        %Parms >= 1
>      C                   eval      Work@ = Pco
>      C                   eval      Work@ = Table@
>      C                   eval      Work@ = Setsppo( Work@ : 128 )
>      C                   dou       Forward = 0
>      C                   if        Display = %subst( Work : 7 : 10 )
>      C                   if        ODP@ <> *null
>      C                   eval      Work@ = ODP@
>      C                   eval      Work@ = Setsppfp( Request@ )
>      C                   eval      Work@ = Buffer@
>      C                   eval      UPass = %subst( Work : 7 : 26 )
>      C                   dsply                   UPass            26
>      C                   endif
>      C                   leave
>      C                   endif
>      C                   eval      Work@ = Setsppo( Work@ : Forward )
>      C                   enddo
>      C                   endif
>
>
> +---
> | This is the MI Programmers Mailing List!
> | To submit a new message, send your mail to MI400@midrange.com.
> | To subscribe to this list send email to MI400-SUB@midrange.com.
> | To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: dr2@cssas400.com
> +---
>

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.