On 2015-10-26 13:33, Farley, Peter x23353 wrote: > I happened to be browsing PoOPS for another reason and noticed that TPROT is > a privileged instruction. Reading the instruction details I couldn't really > see any particular security exposure that could result from TPROT being > usable in a non-privileged mode by unauthorized programs. > This question arises more regularly with respect to data set protections:
"How can I tell whether a data set is RACF-protected?" "It's complicated because of the logic in RACF; difficult to imitate. And there's a timing window that can't absolutely be closed. Simply, issue OPEN and analyze any error status." "I can't do that because in the 'Permission Denied' case an alarm is raised and Security Administrators dispatch jack- booted thugs to my office." "In that case, probing for permissions in order to thwart the jackbooted thugs should be treated as an intrusion as serious as attempting a prohibited access. If not, your Security Admins are failing their objective." Etc. But I suspect that Storage Protection Exception is seldom treated as seriously as data set Permission Denied. -- gil
