×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Joe Pluta wrote:
Doing an UPDPGM could work assuming you had the authority. This,
however, would probably leave incriminating tracks.
At the least it would change the last modified date, no?
And, depending on how the system is configured, log something in the object audit log.
I guess you could make your own version, put it higher in the library
list, and then delete it when you were done. But as Walden points
out, it's hard to know how to write that module.
Strange as it sounds, I've thought about this a fair bit ... and, when it comes down to it, anyone who would WANT to do this is probably skilled enough to pull it off.
The key here is: the routine that is performing the security function would need to adopt higher authority than the user normally has.
All you really need is a list of the procedures in the service program and the current signature, all these can be retrieved from the DSPSRVPGM command.
And the substituted service program doesn't really need to do anything in the applications context ... all it needs to do perform the mischief intended ... then it can abend, or invoke the original routine (if you know the prototype), or just return and do nothing. They key is: Something was done outside the normal security controls of the application.
Not impossible, but also not something the average i programmer is
going to know how to do. That's why I bind by copy.
Not impossible, but not all that hard either.
I suspect that the average i programmer isn't even going to be interested in doing something like this ... but someone who is could probably find out what they need in order to do it.
david
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.