In other words, EXECUTABLE=YES is not some new RMODE=64 feature. EXECUTABLE=NO is a new security feature. It is a guard against buffer overflow type vulnerabilities in which a bad guy sends you some message (like a Web URL) that is actually machine instructions and also manages to overlay code thus causing a branch to the instructions in the message. You can now mark storage non-executable, and the hardware will not allow a branch to it.
ALL storage today is EXECUTABLE=YES. EXECUTABLE=YES is not new; EXECUTABLE=NO is new.

Charles

-----Original Message-----
From: IBM Mainframe Assembler List [mailto:[email protected]] On Behalf Of Tom Russell
Sent: Friday, July 28, 2017 9:43 AM
To: [email protected]
Subject: Re: LOC=64 executable code?

>Date: Fri, 28 Jul 2017 00:14:46 +0000
>From: "Ngan, Robert" <[email protected]>
>Subject: LOC=64 executable code?
>
>Just noticed that the z/OS 2.3 manuals mention EXECUTABLE=YES|NO parameter for
>IARV64 GETSTOR requests.
>Anyone have a summary of what kinds of code we can move above the bar in z/OS
>2.3?
>
>Robert Ngan
>CeleritiFinTech Services

z14 and z/OS 2.3 support a new facility called Instruction Execution Protection (IEP) based on DAT table entry bit
•RSM provides new function to request that non-executable memory be allocated
•Exploitation support new EXECUTABLE=NO option on IARV64 and STORAGE
•Any attempt to execute an instruction within such an area will result in a program check
•Could be an indication of an attempt to violate system integrity
•RTM will write LOGREC record of any program-check that results from IEP
•Support will also be available for z/OS 2.2 and later running on z14

G. Tom Russell

“Stay calm. Be brave. Wait for the signs” — Jasper FriendlyBear
“… and remember to leave good news alone.” — Gracie HeavyHand
