It's amazing to me that on this list people don't understand exactly how
powerful our operating system is, and how (and why) it is essentially
invulnerable to an entire class of intrusions that plague all PC-type
operating systems.

We are waiting to be educated. I agree, a little from ignorance, that i5OS
is very secure (or is it now more politically correct to say "it has the
capability to be more secure out of the box" :-). Maybe you could write an
article comparing a specific case or two of why i5OS is more secure than
it's Wintel counterpart? Looking at a handful of CERT advisories and seeing
if they apply might be a good place to start??

Intriguing conversation.

Aaron Bartell
http://mowyourlawn.com


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta
Sent: Wednesday, October 24, 2007 9:13 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: DB2UDB hack

From: Jim Franz

So what (from IBM & other major software vendors) requires PASE?
Websphere server?

WebSphere does not require PASE. Java does not require PASE. In fact, most
i5/OS software does not require PASE.


The other major piece of software not mentioned much but is an adapted
bit of non-IBM software - Apache webserver... and it is mentioned
often in the CERT Advisories over the years.

The pbA (powered by Apache) HTTP server is indeed based on the Apache code
base. However, again because of the architecture of i5/OS, it is not
subject to buffer overrun exploits. In fact, I'd be amazed if a single CERT
advisory on Apache actually applied to IBM's HTTP server.


Perhaps some of you are too young to remember the earlier DNS (not
sure if this same as Pat mentioned) that had IBM calling customers to
load the critical fix...
or the Common security group and their "demonstrations"...

Again, I'm not saying that i5/OS is perfectly secure. I've been pretty
specific about a class of exploits which are simply not applicable to native
i5/OS. This is probably the largest class of exploits, and they just can't
be executed on native i5/OS, primarily because of the strict separation of
program and data space.

It's amazing to me that on this list people don't understand exactly how
powerful our operating system is, and how (and why) it is essentially
invulnerable to an entire class of intrusions that plague all PC-type
operating systems.

Joe

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].