Scott Klement wrote:
But even if a program hard-codes the library name (instead of *LBIL)
you could easily replace the security service program with one of
your own, and bypass security that way.

You could even rename the existing srvpgm, put your own code in it's
place, and have your code call the original one.

Replacing or renaming an existing object is probably harder than putting a new object higher on the library list. One would assume the existing object is secured so it can't be changed in a production environment. Creating a new object and putting it higher on the library list isn't going to be nearly has hard.

david


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].