


Marty,

I was not aware of this.  I'll do some investigation to understand the
details.  If there is a security issue here, I will try to rattle some
cages...I can't promise any success though.  I am no longer directly
responsible for i5/OS security;  however, I was at the time QSHELL and PASE
were implemented.  If this is a security issue it got by me.

I'll try to remember to post any conclusions or actions taken on this.
Feel free to send me a personal e-mail if I don't get back to you for a
couple of weeks.

Rob,

If you think there are issues with security in the items you mentioned, the
best way to make them known to IBM is to submit a PMR with the details.
Even if your concerns are not answered to your satisfaction, it still
creates a paper trail that can be revisited if necessary (as I will be
doing with the one Marty described).

All,

Just ignore my initial post on this subject :-)

Patrick Botz
Senior Technical Staff Member
Rochester CTC, eServer Security Architecture & Consulting
iSeries Security Architect
(507) 253-0917, T/L 553-0917
CTC Fax # 507-253-2070
email: botz@xxxxxxxxxx

For more information on CTC, visit our website at
http://www.ibm.com/eserver/services
http://www.ibm.com/servers/eserver/services


midrange-l-bounces@xxxxxxxxxxxx wrote on 08/16/2005 11:21:41 AM:

> And, while they are fixing qshell, should they also be fixing all iSeries
> Access, ODBC, etc jobs too?
>
> Rob Berendt
>
> "Urbanek, Marty" <Marty_Urbanek@xxxxxxxxxxxx>
>
> Subject: RE: Cool i5/OS Security News!!!!!!!!!
>
> That is very good news. Now (in the spirit of "no good deed goes
> unpunished") how about fixing it so my users' unattended qshell sessions
> will timeout due to inactivity, observing QINACTITV as documented?
>
> When I opened a PMR (66586,082) they simply explained to me that it is
> because the session is not in DSPW status, therefore it is not a problem
> because everything is working as designed. When I submitted a DCR
> (MR022205327), five months later I received an acknowledgement that it
> should be changed, but no commitment to do so.
>
> I haven't tested it, but I assume this problem would also exist in the
> PASE shell, since an idle session is not in DSPW status.
>
> Sorry to rattle your cage in public like this, Patrick, but it looked like
> a good opportunity to bring this to someone's attention who might be able
> to do something about it. If IBM is going to pursue these fancy shmancy
> security certifications (which is a good thing) then perhaps they could
> also put some effort into closing the more mundane security holes.
>
> Thanks,
> -Marty



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.