Last night a bomb exploded very near to my house. It was very impressive,
the noise shook the walls and the door slammed against its lock (but was far
from bursting open, hopefully). Actually it was not THAT near but the bomb
had been very powerful. It completely destroyed the building and that's what
it was meant for. I heard the target was the building of the National Office
of Unemployment (that place which helps you finding a job when you don't have
one), and that there's a real big hole in it....
Those days I just don't have time to work on LISTSERV. As you may have seen
on LINKFAIL we have power problems, and I'm still working on the migration to
the 3375s; besides we'll be installing VM/SP 4 next week. I recently found
that we had a few privileged servers with security holes even larger than the
hole in the destroyed building... They were written by Mr Sein-Aye, for whom I
have a lot of respect because when he came here he knew nothing about computers
and he managed to learn an incredible amount of things about VM in the two
years he worked here part-time on three different computers, the 4341 being the
one he spent the smallest amount of time on because it usually 'works without
problems when left alone' (his words) which is not at all the case of the
other two fr*nch computers. However he had *no idea* of what *security* is...
the servers had ABDG privs, which they did not need except to use MSGNOH, and
RECEIVEd whatever file a user would send them (but of course the end-user
execs he wrote only sent files with a filetype of 4250 or JOB). Then he picked
up the name of the sender and number of 4250 pages of the document from the
first line in the file (where they were inserted by the end-user exec), etc,
etc. You could bill jobs to someone else, increment your 4250 output quota by
sending a one-line file, "hh:mm:ss myuserid -100" to the server, etc.
I'm presently rewriting the two servers, which is as funny and fascinating
a job as you may imagine, and have given up rewriting another server which
showed the same problems but only had class G. Ah, by the way, DISKACNT (the
standard IBM-supplied one) is as stupid as the above servers and receives any-
thing with name "VM370.ACCO.RECO", regardless of origin. Thus you can increment
or decrement the bills of any user by sending the appropriate accounting cards
from any class G account. I rewrote it a long time ago, just thought you might
be interested... It's funny. Of the five servers shipped by IBM along with IPF,
four of them (VMUTIL, DISKACNT, OPERATNS, SYSDUMP1) show security leaks, and I
have not yet understood what the fifth one is for (ROUTER). There is of course
no problem with AUTOLOG1 but I don't call this a server...
Eric
|