|
midrange.com
> if you patch the program you can arrange to branch to [whatever you
wish]
Well, sure. IF you allow someone access to DST/SST and IF they patch a
program using byte-level service functions specifically exempted from the
security arrangements for servicability's sake, then all bets are off. No
security system on any computer, anywhere, can stand up to someone trusted
that deeply violating that trust.
This is Security 101 kind of stuff. However, on a one-machine kind of
basis, this is identical to the worry that someone would corrupt an
individual business-critical data base (which is at least as easy to do for
someone with that much trust -- and by people with even less trust, like
merely "update" authority to a key file).
Until and unless we have computers capable of being independent moral
agents (ie, with no field service arrangements whatever), this will be an
issue on all machines. I think independent moral agents are a ways off for
technical and social reasons ;-).
The question that matters in the long run, especially since the original
topic was Trojan Horses and Viruses is: Can these things be propagated
widely?
Unlike other machines, with OS/400, you cannot ship the resulting patched
program to another system and restore it or otherwise cause it to become a
*PGM/*SRVPGM object on that machine (at least not without elaborate or at
least manual access to DST/SST .... which is not particularly likely in
another organization ;-) ).
This makes viruses, at least, much more difficult to propagate widely _even
when_ this degree of trust is violated. On Windows, say, or any Unix, if I
have enough "trust" to patch privileged code in this manner, I could
potentially ship the result to any other user. I must only get them to put
it on their machine "somehow" (like, "Here's a picture of Anna K"). In
that case, I will have propagated whatever I wished to those systems. Many
Trojan Horses rely on enticing a "security officer" or similar user to
click on an executable attachment (which OS/400 doesn't allow either --
there's a reason you don't see "Press PF5 to execute the attachment") to
install this sort of thing. So, all the way around, with OS/400, this
doesn't happen, because the restore of a patched program is exceedingly
difficult to manage and because the system deliberately lacks these kinds
of enticement interfaces in its various mail and other interfaces.
So, no, I don't expect to see virii any time soon on OS/400.
The lack of easy execution of "attached executables" -- not an accident --
also makes Trojan Horses an unsatifactory exercise for the malicious on
OS/400.
Larry W. Loen - Senior Java and iSeries Performance Analyst
Dept HP4, Rochester MN
Speaking very much on his own
+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
