× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2005

RE: Recent bugtraq postings

Joe, you and I probably have Godlike authority on most of the machines we 
work on.  Normal users execution of WRKUSRPRF tells them nasty things 
about their mother.  Their workaround is to do a WRKOBJ QUSRSYS/*ALL 
*MSGQ.

After typing that up I tried another WRKUSRPRF *ALL as a limited user 
profile.  They can see some user profiles but not all.  I wonder how it 
makes the determination?  The *MSGQ trick remains effective though.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
04/22/2005 10:15 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: Recent bugtraq postings






Patrick, I suggest that you notify your employer of this and let IBM's
legal department address it.  Any further public posting will only add
to this goober's pockets.  I do love his posts, though.  One is the
"LDAP exploit" in which, if LDAP is turned on, you can list other user
profiles.  Of course, he doesn't explain why that's a bad thing, or that
you can just as easily do the same thing using WRKUSRPRF *ALL.

But my favorite is the one that warns that if you install Client Access,
"malicious AS/400 applications can run programs on your PC."  Uh huh.
Malicious AS/400 programs.  Sorry, but iSeries programmers actually work
for a living.  We're unlikely to want to write applications that wipe
out the workstations of our end users.

Joe

> From: Patrick Botz
> 
> The following are my personal opinions and in no way reflect the
official
> position of my employer or anyone else...

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.