× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2002

Fix Security (was: Paging file)

From: Steve Landess <steve_landess@hotmail.com>

> SO, what is the solution to the problem, Leif?
>
> I have begun reading your eBook.  I was particularly interested in how a
> program can switch into system state and use fake pointers, and I hear you
> talking about the flaw(s) in SLS.
>
> What can IBM do to fix it?  Create a new level of system security?
>

There are several things that contribute to the lack of security:
1) the single-level-store that guarantees that once you have
the "keys to the kingdom" you can go everywhere
2) the sloppy, or inexperienced, or (pick your favorite excuse)
mixing of privileged and un-privileged information. E.g. that the
MSR (Machine State Register) is stored in user-accessible
storage (albeit with a fake pointer)
3) the flaw that the system tries to DETECT rather than PREVENT
misuse and faking of pointers. The detection can be gotten around
(cf. chapter 7)
4) the belief that the various checksums cannot be broken and
faked out (general arrogance)
5) and more...

The first thing to do would be to clean up the design so that
the MSR is stored in a separate (protected space). I have it
from good sources that this process has started. There may
be more types of "privileged" modes coming (i.e. more bits in
the MSR), and so on. These things require hardware changes
so do little for the installed machines. The first step is to accept
that thee AS/400 is security-challenged and then constructively
do something about. As long as the developers (and maybe
more their managers) believe the marketing hype about the
absolute invulnerability of the system it will be nard to make
progress, but there seems to be improvement on its way.
Maybe the AS/400 on its deathbed will finally be secure...

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.