|
midrange.com
First of all, you customized the system request. That should do a DSPJOB,
not a WRKJOB.
Yes, you can suspend the job. Is that a security breach? No.
And, yes you are right, this person should have LMTCPB(*YES). This would
lock the people who customized system request to do a WRKJOB. Unless they
also changed all of their commands to be allowed to run under LMTCPB.
Nothing is fool proof. Fools are ingenious.
Rob Berendt
==================
A smart person learns from their mistakes,
but a wise person learns from OTHER peoples mistakes.
Evan Harris
<spanner@ihug.co.nz To: MIDRANGE-L@midrange.com
> cc:
Sent by: Subject: RE: backups on
AS/400; part2
owner-midrange-l@mi
drange.com
05/30/01 03:55 PM
Please respond to
MIDRANGE-L
Rob
How about this then:
System request 3 to bring up WRKJOB. Will that suspend the DLYJOB ? My
guess is it will. I seem to recall trying this once before, but I might
check it again at work.
Also, since Dan didn't say whether he was making the profile LMTCPB(*YES)
or not, I'll assume he hasn't and my WRKJOB turns into a hack.
The system request hole can be closed: theres an API or Exit (whose name
escapes me) that can be used to close this hole, or I guess you could use
an OVRMSGF to override the msgf system request uses to get its options.
Cheers
Evan Harris
<SNIP>
>We're talking about a 1 line CL program here. Try it and attempt to prove
>me wrong, mortal.
>
>By the way, what is the big hairy about the attention key? I would be
more
>concerned about the System Request key. Either one wouldn't hurt this set
>up though.
>
>Rob Berendt
<SNIP>
>How about hitting the ATTN key after sign on and before the DLYJOB CMD is
>invoked?
>
>
>Joe Giusto II
<SNIP>
>Yes.
>
>And to verify, change the initial program to one that only does a DLYJOB
>and try to hack out of that.
>
>Rob Berendt
<SNIP>
>So, let's suppose I create a special SAVEUSER user profile. It has an
>initial
>program that prompts the user for the parameters by which the backup
should
>be
>run, including a DLYJOB RSMTIME(x) before the system is ended to a
>restricted
>state. The program ends with a SIGNOFF. The user profile's initial menu
>is
>*SIGNOFF. Does that cover all the bases for restricting anyone from being
>able to issue a system request #2 "End previous request"?
>
>Dan Bale
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
