RE: work files in qtemp

["Larry Ducie" <larry_ducie@xxxxxxxxxxx>]

Hi Ken,

<snip>
I don't think I'm being nit-picky.  If Larry could do exactly what he said 
he could do, that would be a serious security issue.
</snip>

<exactly what Larry said he could do>
You wouldn't believe how easy it is to get hold of another job's QTEMP
objects...

By the end of the day I'd written three VERY simple CL commands (and a
couple of processing programs in RPG) that allowed me to take control of any
job in the system and then force it to issue any commands I sent it.
</exactly what Larry said he could do>

I apologise if this statement conferred anything other than the ability I 
put forth in the code. But in my defence I specifically stated that my 
commands "force it to issue any commands I sent it". I think that is exactly 
what the code does. I did not mention accessing system objects beneath the 
MI or anything more mystical than simply telling another job to do what "I" 
want it to do.

Regarding security, if I access a job running  under the QSECOFR profile I 
can grant myself *ALLOBJ authority. In fact I can grant myself ANY 
authority. I think that was enough to scare the heirarchy at my current 
workplace - that's why the CMDLOG part was put in. :-)

Anyway, I get your point. I just didn't mean what you thought I meant. Maybe 
I got your heart skipping and you was disappointed with the hack I 
presented, maybe not.

Cheers

Larry Ducie