Re: Tagged memory (was Re: Memory Upgrade)

["Ed Fishel" <edfishel@xxxxxxxxxx>]

>From: Alexei Pytel <pytel@us.ibm.com>
>> From: Leif Svaalgard
>> > It is possible for a user-state program belonging to an ordinary
>> > user profile and that does not adopt authority and that does not call
any
>> > other programs to assume all authority on an AS/400
>>
>> If you know a way of doing this, I think you should report it to IBM.
>
>what good is that going to do?
>
>The flaws on which this rest (as far as I know) have been
>known to IBM for a decade. In fact, they were MADE by IBM.

Leif,

One way to read your reply is that IBM has intentionally introduced
weaknesses. That is certainly not the case. Not only would such action be
contrary to IBM's business conduct practices, it would be contrary to our
best business interests. Potential weaknesses are taken very seriously, so
you and anyone else can help support the system and its user community by
privately reporting potential weaknesses. Because of the effort involved to
fix some problems I cannot promise an immediate fix to every problem
reported. This is the main reason I ask you to privately report security
and integrity problems. Any public reporting leaves all users exposed until
a fix can be provided.

No system is impervious to all attacks. iSeries has better protection
mechanisms than most systems, and we continue to make improvements. Even
so, a system owner must choose to implement features that provide
protections against attacks. In a few cases they must also move to the
latest release to be able to make use of the newest features.

Ed Fishel,
edfishel@US.IBM.COM