On Mon, 17 Nov 2014 18:49:33 +0200, Binyamin Dissen <[email protected]> wrote:
>the enablement part of fork has elevated privileges to maintain integrity. >There is no reason that a simple MVS service to allow connection to another >address space could not be provided - if there was a need. > >All you need to do is mark the target address space non-swapable, add the >STOKEN and set the SSAR bits. Then the ALET could be used for access. And how do you propose this "simple" service handle security/integrity and determine which other address spaces your unauthorized program should be able to connect to? How would the unauthorized program handle synchronization to ensure that the other address space is really there, and that it is running the expected program? Once the unauthorized program has (somehow) made the other address space nonswappable, and then has managed to die without making the target swappable again, how do you propose that the system take care of that? There is no way that all of this can be a "simple" service. You've already got fork(), so if you have a valid reason to run code in multiple address spaces go ahead and use it. -- Walt
