IBM does not support the ability to enter system state from an application program. System state programs are patched (or altered) programs. IBM has long advised customers to not use patched programs as they can cause unintended results including system crashes, data reliability issues and other problems. Indeed, IBM is aware of a number of customers that have used patched programs (whether system state or not) that resulted in a system crash, sometimes at critical times for the customer. IBM believes patched programs may perform functions reserved for LIC and i5/OS. This interaction requires an intimate knowledge of LIC and i5/OS by the developer of the product - information that includes trade secrets of IBM and is not published by IBM. IBM believes developers of such patched programs may not fully understand all these interactions and consequences of such a patched program nor the implications of how such patched programs may affect the license agreements IBM has with its customers. Having said that, you are correct. The specific changes that I was referring to are not in V5R4. However, there were a number of changes in V5R4 that improved protection of LIC and i5/OS. And while many companies were involved in the early program offerings for V5R4, none has reported problems (that I'm aware of) related to these V5R4 changes. Bruce Vining Dave McKenzie <davemck@xxxxxxxxxxxxx> Sent by: mi400-bounces@xxxxxxxxxxxx 02/01/2006 04:03 PM Please respond to MI Programming on the AS400 / iSeries <mi400@xxxxxxxxxxxx> To MI Programming on the AS400 / iSeries <mi400@xxxxxxxxxxxx> cc Subject Re: [MI400] V5R4 and patch programs According to this post by Bruce Vining on 11/18/05: http://archive.midrange.com/mi400/200511/msg00013.html system state programs won't be prevented in V5R4, but in some future release. Maybe someone who got V5R4 early can verify this. From the webcast PDF, "new hardware storage protection helps prevent against rogue or altered programs from directly accessing system objects, such as database records." It looks like system state programs may still run, depending on what they do. (Message from UNDEL: "Who you callin' a rogue?" :-) --Dave Bryan Dietz wrote: > and running the program I posted the other day over the go faster library: > > DATE: 2/01/06 List System State Programs > Page: 1 > > Program Library Release State-Domain-Obsv-Attrib > Owner Text > GOFSTP1 FASTERI53 V4R4M0 S U N > QDFTOWN GoFaster Pgm1 > GOFSTP2 FASTERI53 V4R4M0 S U N > QDFTOWN GoFaster Pgm2 > RDR0155 FASTERI53 V3R7M0 S U N > QSECOFR > RVCLNUP FASTERI53 V3R6M0 S U N > QSECOFR Remote-View - cleanup errors > RVGET FASTERI53 V3R6M0 S U N > QSECOFR Remote-View - copy screen image > RVMAIN FASTERI53 V3R7M0 S U N > QSECOFR Remote-View - main program > RVPROC FASTERI53 V3R6M0 S U N > QSECOFR Remote-View - do processing > RVSETUP FASTERI53 V3R6M0 S U N > QSECOFR Remote-View - install > WRKSYSACC FASTERI53 V3R7M0 S U N > QSECOFR Work with System Activity II - cleanup errors > WRKSYSACM FASTERI53 V3R6M0 S U N > QSECOFR Work with System Activity II - main process > Total Programs.......... 10 > > > It looks like none of these will run at v5r4 (as I understand the new > "rules") > > the fast400 program does not show as a system state program. > > _____________________________ > Bryan Dietz > Aktion Associates > > > mi400-bounces@xxxxxxxxxxxx wrote on 02/01/2006 07:09:42 AM: > >> Not necc true. You do not "have" to be system state to go "into" system >> state. A program can move in and out at will. So you could never see > that >> without the proper tools which would be terribly difficult unless you > work >> for IBM but maybe.... Which brings up the claim of GO FASTER that states > it >> runs in user state. Doesn't mean it doesn't go SS at some point. And >> really if you play with the words I suppose any "Q" program could be > claimed >> to run user state by virtue of you calling it from user state. >> >> The other issue with this is believing that you could access the "magic" >> governor data areas w/o going SS. Again it's possible, but I doubt IBM >> would stick it there. Heck you can't even create an index anymore w/o > being >> SS. >> >> I think the FAST/400 attack was a ruse, not the real intent. But it all >> seems to have worked out for Leif in the end, bad for everyone else. He > did >> great work for everyone while it lasted. :) >> _______________________________________________ This is the MI Programming on the AS400 / iSeries (MI400) mailing list To post a message email: MI400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/mi400 or email: MI400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/mi400.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.