× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



>From: Alexei Pytel <pytel@us.ibm.com>
>> From: Leif Svaalgard
>> > It is possible for a user-state program belonging to an ordinary
>> > user profile and that does not adopt authority and that does not call
any
>> > other programs to assume all authority on an AS/400
>>
>> If you know a way of doing this, I think you should report it to IBM.
>
>what good is that going to do?
>
>The flaws on which this rest (as far as I know) have been
>known to IBM for a decade. In fact, they were MADE by IBM.

Leif,

One way to read your reply is that IBM has intentionally introduced
weaknesses. That is certainly not the case. Not only would such action be
contrary to IBM's business conduct practices, it would be contrary to our
best business interests. Potential weaknesses are taken very seriously, so
you and anyone else can help support the system and its user community by
privately reporting potential weaknesses. Because of the effort involved to
fix some problems I cannot promise an immediate fix to every problem
reported. This is the main reason I ask you to privately report security
and integrity problems. Any public reporting leaves all users exposed until
a fix can be provided.

No system is impervious to all attacks. iSeries has better protection
mechanisms than most systems, and we continue to make improvements. Even
so, a system owner must choose to implement features that provide
protections against attacks. In a few cases they must also move to the
latest release to be able to make use of the newest features.

Ed Fishel,
edfishel@US.IBM.COM



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.