|
>From: Alexei Pytel <pytel@us.ibm.com> >> From: Leif Svaalgard >> > It is possible for a user-state program belonging to an ordinary >> > user profile and that does not adopt authority and that does not call any >> > other programs to assume all authority on an AS/400 >> >> If you know a way of doing this, I think you should report it to IBM. > >what good is that going to do? > >The flaws on which this rest (as far as I know) have been >known to IBM for a decade. In fact, they were MADE by IBM. Leif, One way to read your reply is that IBM has intentionally introduced weaknesses. That is certainly not the case. Not only would such action be contrary to IBM's business conduct practices, it would be contrary to our best business interests. Potential weaknesses are taken very seriously, so you and anyone else can help support the system and its user community by privately reporting potential weaknesses. Because of the effort involved to fix some problems I cannot promise an immediate fix to every problem reported. This is the main reason I ask you to privately report security and integrity problems. Any public reporting leaves all users exposed until a fix can be provided. No system is impervious to all attacks. iSeries has better protection mechanisms than most systems, and we continue to make improvements. Even so, a system owner must choose to implement features that provide protections against attacks. In a few cases they must also move to the latest release to be able to make use of the newest features. Ed Fishel, edfishel@US.IBM.COM
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.