"Christian J. Reichetzeder" <REICHETZ@AWIIMC11>
Mon, 18 Sep 89 10:32:07 SET
|
On Mon, 18 Sep 89 10:03:56 TUR Turgut Kalfaoglu said:
>
>I would like to transfer a complaint that has been passed to me from
>TREARN's system programmers:
> .........
>With the help of such programs, (like SUPERSET from UAFSYSB, and others)
>our system directory was hacked this weekend: MAINT user was deleted,
>SEVERAL high-priority VM's have been duplicated (so that we ended up
>with two or more of the same VM name running at the same time)
>and notification that the directory was updated did not reach the operator
>console.
>
I agree with Leonard - prove that it's possible for JoeUser and let the vendor
fix it. Regarding SUPERSET - you need privs to display and alter REAL STORAGE,
usually a class G user can't do that.
To change certain bits/bytes in a VMBLOK (or VMDBK) it takes only three
commands. If it works for a user when sHe uses SUPERSET, then it'd also work
by hand. And if TREARN hands out privs to irresponsible users (I do not imply
this has been done) and then blames certain programs for damage then they
could as well blame big blue for documenting LOCATE, DCP and STCP.
Same applies if disks have been damaged.
Is there any proof that one of the public programs has been used? Dunno how
the CMS Batch facility works today - but some years ago I verified that a user
could easily bypass the command filter and issue *any* CMS and CP command in
the batch machine (including IPLs and of course priv commands in the scope of
the classes of the batch worker machine).
Christian
|
|
|