PASE is not a closed off separate environment like the other environments
you use as examples.

Given that, it's hard to see how it can be considered anything but a native
i5/os service regardless of our opinions of it or it's security.

Would you consider the 36 environment a non-native i5/os service ? Seems to
me that falls into much the same space as PASE.

Regards
Evan Harris

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]
On Behalf Of Joe Pluta
Sent: Thursday, 25 October 2007 10:03 a.m.
To: 'Midrange Systems Technical Discussion'
Subject: RE: DB2UDB hack

From: Joe Pluta

I guarantee they haven't performed a buffer overrun exploit on any
native i5/OS service, and it's fuzzy statements like "take advantage
of these leaks" that make me crazy.

Just to be clear, by "they" above, I mean your "benevolent hackers" and
not
anybody at IBM's labs. As I've noted, there's a theoretical possibility
that
someone with the skills of Leif Svalgaard and the knowledge of a bug in an
IBM
program MIGHT be able to somehow cause i5/OS to execute a data buffer, but
I'm
pretty comfortable nobody in the outside world has ever done so, or will
ever
do so.

And in case I haven't been crystal clear, I do not include PASE in this
statement. PASE is not i5/OS, any more than a Linux partition is or
Windows
running in VMWare on a Mac is OS X.

Joe

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].