Steve,
If you fail to use object security in the first place, you will always have
the trojan horse capability.
If you don't change the default from the higher library from *public
*change you're a moron. And you've probably already let half your people
have *SECADM and override it (and violate your suggestion) anyways. And
then there's always a workaround, if you violate proper object security:
change the system library list to temporarily remove this library
add the duplicate command
change the system library list back
-or-
Add yet another library to the system library list, after you've added the
duplicate command to the new library.
-or-
Basically, if you forget the basics, then the advanced is meaningless.
Rob Berendt
==================
A smart person learns from their mistakes,
but a wise person learns from OTHER people's mistakes.
From: "Steve Richter" <srichter@AutoCoder.com>
Sent by: owner-midrange-l@midrange.com
Date: 08/03/2001 10:46 AM
Please respond to MIDRANGE-L
To: <MIDRANGE-L@midrange.com>
cc:
Subject: Re: chgc0100 exit point. was Default for command without default value?
>>In future releases, will there be a security level that prevents the
>>creating of a cmd that has the same name as an ibm cmd?
>
>I have never heard of anyone suggesting that we prevent customers from
>naming their commands (or programs) anything they want.
>
I would be in favor of it. Don't allow anything in the library list above
QSYS to contain an object with the same name as a QSYS object. Provide a
system value to enable the restriction. Default is no restriction. Use a
registration facility to allow a *SecAdm user to override the restriction,
one object at a time.
Of the trojan horse scenarios described, this is the one that I would guess
shops are most vulnerable to. (Most shops probably have a lib above qsys
that contains customized versions of system cmds. If *Public can add an
object to that library (the default value), then your system is wide open
to mischief.)
Steve Richter
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
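An added example, not part of the original thread or of any IBM tooling: a Python sketch of the audit both posters point at, listing libraries ahead of QSYS in the system library list where *PUBLIC can add objects and the QSYS command names they already shadow. The library name ALTQSYS and all inventory data are constructed; on a real system the inputs would come from DSPSYSVAL SYSVAL(QSYSLIBL), DSPOBJAUT and DSPOBJD output.

```python
# Added illustration. Every library, command and authority value is constructed.
# Assumption: only the named authorities *CHANGE and *ALL are treated as granting
# *ADD to a library; user-defined authority sets are not modelled here.
ADD_CAPABLE = {"*CHANGE", "*ALL"}

def resolve(cmd, syslibl, commands):
    """Return the first library, in list order, holding cmd (unqualified lookup)."""
    for lib in syslibl:
        if cmd in commands.get(lib, set()):
            return lib
    return None

def audit(syslibl, public_auth, commands):
    """Report libraries ahead of QSYS that are *PUBLIC-writable or shadow QSYS names."""
    qsys_cmds = commands["QSYS"]
    findings = []
    for lib in syslibl[:syslibl.index("QSYS")]:
        writable = public_auth[lib] in ADD_CAPABLE
        shadows = sorted(commands.get(lib, set()) & qsys_cmds)
        # QSYS names any user could newly shadow by adding an object to this library
        exposed = sorted(qsys_cmds - set(shadows)) if writable else []
        if writable or shadows:
            findings.append({"library": lib, "public_writable": writable,
                             "shadows": shadows, "open_to_shadowing": exposed})
    return findings

# Constructed inventory: one customisation library placed ahead of QSYS.
SYSLIBL = ["ALTQSYS", "QSYS", "QSYS2", "QHLPSYS", "QUSRSYS"]
COMMANDS = {
    "ALTQSYS": {"SIGNOFF", "WRKSPLF"},
    "QSYS": {"SIGNOFF", "WRKSPLF", "DSPJOB", "CRTLIB"},
}
DEFAULT_AUTH = {"ALTQSYS": "*CHANGE"}   # library left at the default discussed above
HARDENED_AUTH = {"ALTQSYS": "*USE"}     # *PUBLIC can use objects but not add them

if __name__ == "__main__":
    for label, auth in (("default", DEFAULT_AUTH), ("hardened", HARDENED_AUTH)):
        print(label, audit(SYSLIBL, auth, COMMANDS))
```

With the hardened authority the existing shadows are still reported, since those are the customised commands an administrator should be able to account for one by one.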
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.