× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2002

Re: Fix Security (was: Paging file)

Leif

Is not *nix just as prone to tampering by someone with
sufficient authority (stolen or not) who can go in and
do almost anything to anybody? You need to have
authorization now to get into SST - before V5R1 that was
a problem, except that it is shipped with *PUBLIC
*EXCLUDE. But if someone gets the *nix 'root' password,
or can get superuser rights, they're in, and it's really
easy to mess with executables in *nix - just cat 2 files
together, or cat what you want to replace whatever.

So where's the advantage suggested by your remark? To
make "bad" changes on the 400, you still have to have
got there with sufficient authority in the first place.
And you also need to do that in *nix systems. But once
in the system, you're "god", or at least halfway there.

But is there any way for someone without *ALLOBJ (and
probably a few other rights) to do this tampering on a
virgin 400? When there's been no program written to put
the job into privileged status? Not if your authority is
not high enough, I don't think.

Same thing goes for any system - you can't just do
anything in the first place, unless you're allowed to.
So the vulnerability, albeit real, cannot be expolited
unless someone with enough authority does it. Again, no
difference, no advantage, in other systems.

Thanks

Vern
> From: Dennis Lovelady <dlovelady@dtcc.com>
> > I had to smile when I read this:
> > > Unix is pretty secure. Linux too. The buffer overflow
> > > problems are not platform problems, but sloppy
> > > programming.
> >
> > Now, don't get angry, just smile with me, huh?  But it seems funny that
> > "pretty secure" is OK for you to use in this context, but not acceptable
> > when discussing the iSeries and SLS.  Isn't that interesting?  :)
> >
>
> The difference is that the *nix problems are caused by sloppy
> programming (as are most of M$'s as well), but the AS/400
> problems are deeper, being architectural flaws.
>
> And now, I'm waiting for everyone to say,"yes but if
> you follow the rules, you are secure".

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.