IBM does not support the ability to enter system state from an application 
program.  System state programs are patched (or altered) programs.  IBM 
has long advised customers to not use patched programs as they can cause 
unintended results including system crashes, data reliability issues and 
other problems.  Indeed, IBM is aware of a number of customers that have 
used patched programs (whether system state or not) that resulted in a 
system crash, sometimes at critical times for the customer.  

IBM believes patched programs may perform functions reserved for LIC and 
i5/OS.  This interaction requires an intimate knowledge of LIC and i5/OS 
by the developer of the product - information that includes trade secrets 
of IBM and is not published by IBM.  IBM believes developers of such 
patched programs may not fully understand all these interactions and 
consequences of such a patched program nor the implications of how such 
patched programs may affect the license agreements IBM has with its 
customers.

Having said that, you are correct.  The specific changes that I was 
referring to are not in V5R4.  However, there were a number of changes in 
V5R4 that improved protection of LIC and i5/OS.  And while many companies 
were involved in the early program offerings for V5R4, none has reported 
problems (that I'm aware of) related to these V5R4 changes.

Bruce Vining




Dave McKenzie <davemck@xxxxxxxxxxxxx> 
Sent by: mi400-bounces@xxxxxxxxxxxx
02/01/2006 04:03 PM
Please respond to
MI Programming on the AS400 / iSeries <mi400@xxxxxxxxxxxx>


To
MI Programming on the AS400 / iSeries <mi400@xxxxxxxxxxxx>
cc

Subject
Re: [MI400] V5R4 and patch programs






According to this post by Bruce Vining on 11/18/05:

  http://archive.midrange.com/mi400/200511/msg00013.html

system state programs won't be prevented in V5R4, but in some future
release.

Maybe someone who got V5R4 early can verify this.

 From the webcast PDF, "new hardware storage protection helps prevent
against rogue or altered programs from directly accessing system
objects, such as database records."

It looks like system state programs may still run, depending on what
they do.

(Message from UNDEL: "Who you callin' a rogue?" :-)

--Dave


Bryan Dietz wrote:
> and running the program  I posted the other day over the go faster 
library:
> 
> DATE:  2/01/06                        List System State Programs
> Page:     1
> 
> Program     Library     Release      State-Domain-Obsv-Attrib
> Owner      Text
> GOFSTP1     FASTERI53   V4R4M0        S     U      N
> QDFTOWN    GoFaster Pgm1
> GOFSTP2     FASTERI53   V4R4M0        S     U      N
> QDFTOWN    GoFaster Pgm2
> RDR0155     FASTERI53   V3R7M0        S     U      N
> QSECOFR
> RVCLNUP     FASTERI53   V3R6M0        S     U      N
> QSECOFR    Remote-View - cleanup errors
> RVGET       FASTERI53   V3R6M0        S     U      N
> QSECOFR    Remote-View - copy screen image
> RVMAIN      FASTERI53   V3R7M0        S     U      N
> QSECOFR    Remote-View - main program
> RVPROC      FASTERI53   V3R6M0        S     U      N
> QSECOFR    Remote-View - do processing
> RVSETUP     FASTERI53   V3R6M0        S     U      N
> QSECOFR    Remote-View - install
> WRKSYSACC   FASTERI53   V3R7M0        S     U      N
> QSECOFR    Work with System Activity II - cleanup errors
> WRKSYSACM   FASTERI53   V3R6M0        S     U      N
> QSECOFR    Work with System Activity II - main process
> Total Programs..........                  10
> 
> 
> It looks like none of these will run at v5r4 (as I understand the new
> "rules")
> 
> the fast400 program does not show as a system state program.
> 
> _____________________________
> Bryan Dietz
> Aktion Associates
> 
> 
> mi400-bounces@xxxxxxxxxxxx wrote on 02/01/2006 07:09:42 AM:
> 
>> Not necc true.  You do not "have" to be system state to go "into" 
system
>> state.  A program can move in and out at will.  So you could never see
> that
>> without the proper tools which would be terribly difficult unless you
> work
>> for IBM but maybe....  Which brings up the claim of GO FASTER that 
states
> it
>> runs in user state.  Doesn't mean it doesn't go SS at some point.  And
>> really if you play with the words I suppose any "Q" program could be
> claimed
>> to run user state by virtue of you calling it from user state.
>>
>> The other issue with this is believing that you could access the 
"magic"
>> governor data areas w/o going SS.  Again it's possible, but I doubt IBM
>> would stick it there.  Heck you can't even create an index anymore w/o
> being
>> SS.
>>
>> I think the FAST/400 attack was a ruse, not the real intent.  But it 
all
>> seems to have worked out for Leif in the end, bad for everyone else. He
> did
>> great work for everyone while it lasted. :)
>>


_______________________________________________
This is the MI Programming on the AS400 / iSeries (MI400) mailing list
To post a message email: MI400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/mi400
or email: MI400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/mi400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.