On Thu, 17 Jun 2010 13:35:41 -0400, D'Angelo, Paul V. <Paul.D'[email protected]> wrote:
>John McKown wrote >Yes, I want it to run authorized >I really don't want to write an SVC >And I really don't want to use a Cross Memory Call. Perhaps if you described a bit more of the environment you're running in and what you want to accomplish we could offer some other suggestions you'd find acceptable. As others have correctly stated, your unauthorized program can not simply ATTACH an authorized program and have it run authorized. But you could, for example, run your program under a batch TSO TMP, e.g. via // EXEC PGM=IKJEFT01,PARM="CALL *(your-program)" //STEPLIB DD whatever libraries you need //SYSTSPRT DD SYSOUT=* //SYSTSIN DD DUMMY //DD1 DD your required DD statements go here Once you've done that, and with the cooperation of your system programmers to update SYS1.PARMLIB(IKJTSOxx), you could then use the IKJEFTSR service to invoke your APF-authorized program. But there are still System Integrity concerns and that might not be feasible, depending on the program you're trying to invoke and what kind of parameters it needs. And you're not going to be able to specify the DCB the program will come from. -- Walt Farrell, IBM STSM, z/OS Security Design
