[3984] in WWW Security List Archive
OS/390 and WWW
daemon@ATHENA.MIT.EDU (Arjan Vos)
Wed Jan 15 04:11:54 1997
Date: Wed, 15 Jan 1997 01:22:07 +0100 (MET)
From: Arjan Vos <arjan@pino.demon.nl>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Just some questions popping into my mind:
IBM is now offering OS/390 with spec1170-complient UNIX intergrated and
TCP/IP etc. As far I can see IBM's main goal is to offer "open
computing" to their exisiting clients with (huge) corporate databases
(formerly) under MVS. Though UNIX is integrated, all security-related
measures are still being done under RACF or ACF or whatsoever.
But, why would one want their corporate datatabes connected to the Net? It
is now possible to query DB2 databases, like in UNIX they've been doing
with Oracle databases since ages :-))
As far as I can see, one would not want to place corporate databases, or
high-transactional online systems on the Internet in the first place....
What about security, e.g. SYN floods or bombing... How will they be
handled under OS/390.
Is it possible to abuse PSW=0 states with networking interfaces under
OS/390 (I know that root under UNIX still has it's own address space and
protection by RACF)?
How about cross-memory stuff within Unix under OS/390?
Does anybody know about possible weaknesses?
Arjan Vos
--
Eat hard
Sleep hard
Wear glasses if you need them
