Again, I don't see any "ways that compromise security/integrity" here, from an application programmer's point of view, but maybe I just don't think like a black hat.
"Validly use" is too strong, I think. As I said in my earlier response to Chris C., the usual application programs only need to deal with addresses in their one and only address space, and if written to avoid abends may want to know that an address is valid in the address space and whether it can be read from or written into. State changes of the types discussed so far are usually unlikely in such applications, so why isn’t this usage "valid"? I accept that my POV here may be far too narrow to see the forest for the trees. Peter -----Original Message----- From: IBM Mainframe Assembler List [mailto:ASSEMBLER-LIST@LISTSERV.UGA.EDU] On Behalf Of Tony Harminc Sent: Monday, October 26, 2015 4:51 PM To: ASSEMBLER-LIST@LISTSERV.UGA.EDU Subject: Re: Question of curiosity: Why are IVSK and TPROT instrictions privileged? On 26 October 2015 at 16:00, Chris Craddock <crash...@hotmail.com> wrote: > In all approximately similar cases (IVSK, TPROT, LRAG) there is always the > risk that the state of a page may > change in between the instruction completing and your usage of the result > (TOCTTOU) but for disabled programs > (the original use case) the window is pretty negligible. I suspect this is really the, uh, key to the answer. There is almost no way in which an unprivileged program can validly use these instructions to their intended end. Making them available to unprivileged programs would not hurt directly, but might encourage their use in ways that compromise security/integrity . Tony H. This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
