IBOD (an Individual Bent On Destruction) could place a command into either of these libraries whose command processing program (CPP) performs a completely different function from the one the command name suggests. IBOD could also execute the intended function by qualifying the intended command (for example, QSYS/DSPMSG) after running his own nefarious function, thereby disguising his dastardly deed.
There are two simple remedies to protect against intrusion through this back-door.
First, since QUSER38 is not shipped with the iSeries, create it and set its *PUBLIC authority to *USE (not *CHANGE). Similarly, change the *PUBLIC authority on the QSYS38 library to *USE.
The second remedy is not to allow programs of type CLP38 onto your production system.
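Both remedies can be applied and checked from one CL program. The following is an added example, not code from the original article; the program layout, the work file QTEMP/PGMLIST and the message texts are assumptions chosen for illustration. It needs to be run by a profile with authority to create libraries and to change authority on QSYS38.

```cl
/* Added example: lock down QUSER38/QSYS38 and report CLP38 programs. */
/* QTEMP/PGMLIST is a hypothetical work file name.                    */
PGM
    /* QADSPOBJ is the model outfile for DSPOBJD; its fields become   */
    /* CL variables (&ODLBNM library, &ODOBNM object, &ODOBAT attr).  */
    DCLF       FILE(QSYS/QADSPOBJ)

    /* Remedy 1a: create QUSER38 so nobody else can create it later.  */
    /* *USE lets users resolve objects but not add new ones.          */
    CRTLIB     LIB(QUSER38) AUT(*USE) +
                 TEXT('Placeholder to close S/38 search path gap')
    MONMSG     MSGID(CPF2111) /* Library already exists: continue */

    /* Force *PUBLIC to *USE even if the library existed beforehand.  */
    GRTOBJAUT  OBJ(QUSER38) OBJTYPE(*LIB) USER(*PUBLIC) +
                 AUT(*USE) REPLACE(*YES)

    /* Remedy 1b: same restriction on QSYS38.                         */
    GRTOBJAUT  OBJ(QSYS38) OBJTYPE(*LIB) USER(*PUBLIC) +
                 AUT(*USE) REPLACE(*YES)

    /* Remedy 2 check: list every program in user libraries, then     */
    /* flag those whose object attribute is CLP38.                    */
    DSPOBJD    OBJ(*ALLUSR/*ALL) OBJTYPE(*PGM) +
                 OUTPUT(*OUTFILE) OUTFILE(QTEMP/PGMLIST)
    OVRDBF     FILE(QADSPOBJ) TOFILE(QTEMP/PGMLIST)

LOOP:
    RCVF
    MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(DONE)) /* End of file */
    IF         COND(&ODOBAT *EQ 'CLP38') THEN( +
                 SNDPGMMSG MSG('CLP38 program found:' *BCAT +
                   &ODLBNM *TCAT '/' *CAT &ODOBNM))
    GOTO       CMDLBL(LOOP)

DONE:
    DLTOVR     FILE(QADSPOBJ)
ENDPGM
```

Afterwards, DSPOBJAUT OBJ(QUSER38) OBJTYPE(*LIB) and the same command for QSYS38 should show *PUBLIC with *USE; any private authorities listed there that exceed *USE deserve the same scrutiny.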