Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site amd.UUCP Path: utzoo!watmath!clyde!amd!eager From: eager@amd.UUCP (Mike Eager) Newsgroups: net.unix-wizards,net.rumor Subject: Re: VM/370 Security Message-ID: <759@amd.UUCP> Date: Wed, 19-Dec-84 20:11:08 EST Article-I.D.: amd.759 Posted: Wed Dec 19 20:11:08 1984 Date-Received: Fri, 21-Dec-84 13:00:34 EST References: <3558@ecsvax.UUCP> <1539@sdcrdcf.UUCP> <34@rti-sel.UUCP> Organization: AMD Applications, Santa Clara, CA Lines: 22 Xref: watmath net.unix-wizards:11132 net.rumor:589 > So I was surprised a few years ago to read a Datamation (?) article > by an IBM computer security person who said > that they 'warranted' the security of MVS but not VM. > That means IBM will fix any security hole found in MVS. > > From what I have heard MVS (with RACF) is much more secure than > MVF or MVT but only in the sense that security flaws are much more > obscure and difficult to exploit. Perhaps VM, though potentially secure, > comes up short since VM users insist on sharing (minidisks, whatever) > and the hacks^H^H^H^Hmechanisms for so doing have security flaws. > Tom Truscott MVS is substantially more secure than MVT or MFT or the other OS/360 or DOS operating systems, having plugged most of the glaring holes. Sometime I'll tell about how I used to tell the operating system to use my open exit, then I'd finagle getting returned in supervisor mode. Ah, history. There was an IBM Systems Journal some years ago which had a set of articles about VM security. I have the feeling that it should be quite easy to verify that VM is secure, in the sense that one user cannot obtain or alter the data of another user without permission. Sharing mini-disks requires that permission.