×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Try copying a PHP file to IFS and overwrite an existing one. If the PHP
you copy contains a call to native i5/OS commands, then you CAN copy a
file to IFS and use it to execute arbitrary native i5/OS code. Same is
true for the web server, WAS, etc... These kinds of blanket statements are
never true about any system, including i5/OS.
If PASE is a non-secure environment, then logically you MUST assume i5/OS
is a non-secure environment. Parts of the base i5/OS run in PASE! You
can't NOT use PASE if you use i5/OS -- they are part of the same thing.
You can attack PASE and access native i5/OS resources. Some of the parts
of base i5/OS running in PASE have had known buffer overflow attacks (BIND
Version 8.xx) and required HIPER/INTGRITY PTFs for i5/OS to fix!
But in reality there is no such thing as an inherently secure or
non-secure OS. OSes and the business assets managed on them are things to
be secured -- not things that inherently make you secure. What makes one
OS different from another with respect to security is how much time and
cost is required to make them secure. This is where i5/OS is better than
other OSes -- NOT because it somehow knows that the janitor's user profile
shouldn't be allowed to change the financials database.
Joe Pluta wrote:
Joe Pluta wrote:
There is no known instance of any IFS file ever executing code on
i5/OS.
And by this, I hope you know what I mean. There is no way copying a
file to the IFS can magically execute code on the System i under normal
operation.
There are of course ways around that. Running non-secure environments
such as PASE, especially running "industry standard" code with known
exploits, can get around this. So I suppose as you start running
non-native applications, there is more need for that sort of protection.
Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.