× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2007

RE: DB2UDB hack

From: Patrick Botz

Joe, once again you are twisting what other say in an attempt to prove a
point of yours that it flat out wrong.

Oh bother. *I'M* twisting words?

My original statement was that buffer overruns that affect Windows versions
of DB2 do not affect i5/OS. If you remember, the original issue was a
buffer overrun for DB2 LUW, which I responded to by saying that overruns
reported against DB2 LUW are not applicable to i5/OS.

I'm pretty sure that's not wrong.

Another statement I made is that there has never been a documented buffer
overrun or virus on the machine. You say this is meaningless, because you
know of exploits that have been patched. I contend that it is not, but in
any case it is not "flat out wrong".

As far as I can tell, the only statement I made that could be "flat out
wrong" is the following: "The buffer overrun exploits that allow you to
raise your security level and thus take over a machine are not possible in
i5/OS." I may be wrong there, but as far as I know there's no way that an
application can get i5/OS to execute a data buffer as a program, nor can you
overwrite program space using a data pointer, one of which is required for a
classic buffer overrun exploit.

I suppose in theory, someone with enough expertise in internals (and that
would need to be at the MI level) and knowledge of a specific window where a
bug exists in a driver would indeed be able to hack such an exploit. But
you're rather unlikely to find such a thing in the wild.

Anyway, as John says, we're probably closer in opinion than this lengthy
thread might suggest. My primary goal was to make sure that nobody in their
right mind says that "Patrick Botz says Windows is as secure as i5/OS."

Anyway, I apologize for getting you so ticked off. Didn't really mean to,
but I know that people sometimes read things the wrong way, and there were a
few statements that might be taken out of context. And as you well know,
I'm not much for listening to experts saying I'm wrong without explaining
why. You, unfortunately, are in a rather difficult situation of not
actually being able to tell us why I'm wrong, so I'll demur at this point to
your expertise (something you also know I rarely do).


Anybody who would take any of my statements on this forum and claim that
it is a negative attack against i5/OS or that would construe the statement
to mean that Windows or *nix provides the same value with respect to
security that i5/OS does, is someone who doesn't understand security well
enough -- or has their head buried too far in the sand -- to be making
the comment.

Good! As long as your position on that subject is clear, I'm good to go.

Joe


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.