LSTSRV-L Archives

LISTSERV Site Administrators' Forum

"Christian J. Reichetzeder" <REICHETZ@AWIIMC11>
Mon, 18 Sep 89 10:32:07 SET
On Mon, 18 Sep 89 10:03:56 TUR Turgut Kalfaoglu said:
>
>I would like to transfer a complaint that has been passed to me from
>TREARN's system programmers:
> .........
>With the help of such programs, (like SUPERSET from UAFSYSB, and others)
>our system directory was hacked this weekend: MAINT user was deleted,
>SEVERAL high-priority VM's have been duplicated (so that we ended up
>with two or more of the same VM name running at the same time)
>and notification that the directory was updated did not reach the operator
>console.
>
I agree with Leonard - prove that it's possible for JoeUser and let the vendor
fix it. Regarding SUPERSET - you need privs to display and alter REAL STORAGE,
usually a class G user can't do that.
To change certain bits/bytes in a VMBLOK (or VMDBK) it takes only three
commands. If it works for a user when sHe uses SUPERSET, then it'd also work
by hand. And if TREARN hands out privs to irresponsible users (I do not imply
this has been done) and then blames certain programs for damage then they
could as well blame big blue for documenting LOCATE, DCP and STCP.
Same applies if disks have been damaged.
Is there any proof that one of the public programs has been used? Dunno how
the CMS Batch facility works today - but some years ago I verified that a user
could easily bypass the command filter and issue *any* CMS and CP command in
the batch machine (including IPLs and of course priv commands in the scope of
the classes of the batch worker machine).
 
Christian
