On 2014-08-16, at 06:50, Peter Relson wrote: >> Are there any holes left open? > Obviously that is an unknowable question. To some extent in such > situations you either trust the operating system (and the applications > that you have chosen to add) to do what they say they do or you do not > (and/or you attempt to verify it, but no such verification can be a > guarantee). > I would expect that a debugging utility invoked unauthorized should be able to inspect only user-key storage; authorized it should have more freedom. For data sets, including dumps, RACF rules should prevail. But this presumes that dumps are created initially with suitable profiles.
There should be no need to restrict access to the utility. -- gil
