>Are there any holes left open?

Obviously that is an unknowable question. To some extent in such situations you either trust the operating system (and the applications that you have chosen to add) to do what they say they do or you do not (and/or you attempt to verify it, but no such verification can be a guarantee).

>Can IBM guarantee (with legal liability assumed)
>that there are none such?

To some extent, that's what the IBM statement of system integrity is. But I don't know about "legal liability". The license terms of the operating system likely address this.

>From the IPCS User's guide:

IPCS can process as a dump the central storage for the address space in which IPCS is currently running, private storage, and any common storage accessible by an unauthorized problem state program. Users running z/OS R2 IPCS on a z/OS R2 system who have been authorized READ access to facility class resource BLSACTV.ADDRSPAC may view storage that is fetch-protected from application code.

If availability of IPCS ACTIVE is the sticking point, I'm sure that an option could be provided to disable it entirely.

>The stated reason is security concerns.

That doesn't make the stated reason valid. Of course it is always valid to have a concern, but perhaps those concerns can be allayed.

Peter Relson
z/OS Core Technology Design
