


From: Steve Landess <steve_landess@hotmail.com>

> SO, what is the solution to the problem, Leif?
>
> I have begun reading your eBook.  I was particularly interested in how a
> program can switch into system state and use fake pointers, and I hear you
> talking about the flaw(s) in SLS.
>
> What can IBM do to fix it?  Create a new level of system security?
>

There are several things that contribute to the lack of security:
1) the single-level-store that guarantees that once you have
the "keys to the kingdom" you can go everywhere
2) the sloppy, or inexperienced, or (pick your favorite excuse)
mixing of privileged and un-privileged information. E.g. that the
MSR (Machine State Register) is stored in user-accessible
storage (albeit with a fake pointer)
3) the flaw that the system tries to DETECT rather than PREVENT
misuse and faking of pointers. The detection can be gotten around
(cf. chapter 7)
4) the belief that the various checksums cannot be broken and
faked out (general arrogance)
5) and more...

The first thing to do would be to clean up the design so that
the MSR is stored in a separate (protected space). I have it
from good sources that this process has started. There may
be more types of "privileged" modes coming (i.e. more bits in
the MSR), and so on. These things require hardware changes
so do little for the installed machines. The first step is to accept
that the AS/400 is security-challenged and then constructively
do something about it. As long as the developers (and maybe
more their managers) believe the marketing hype about the
absolute invulnerability of the system it will be hard to make
progress, but there seems to be improvement on its way.
Maybe the AS/400 on its deathbed will finally be secure...








This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
