• Subject: Subsystem ODP exploit (was setsppfp bug)
  • From: "Phil Hall" <hallp@xxxxxxxx>
  • Date: Fri, 9 Jun 2000 14:04:27 -0500


[ FYI:I've changed the thread subject, because it isn't a bug in setsppfp()
but a issue with the ODP of the subsytem object. ]

Dan,

> Since the startup program can be secured, would this be a good interim
step
> until (if?) IBM fixes this bug?  Would you be willing to publish this
> "eraser"?

Now that this topic has reached a peak here's a simple no-code fix for this
that exists on every machine.

Move to seclvl 50.

To continue running the program @seclvl 50, the programs state needs to be
changed to *SYSTEM. Although changing the state of programs is trivial, it
does (unless the state changing is done properly) flag the object as
modified and the command CHKOBJITG will find it.

Running CHKOBJITG and also running queries on objects to find new ones
running system state is already part of you security policies isn't it ;-)

--phil

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.