Apologies, I accidentally sent this reply to Jon directly instead of to the list.

Peter

-----Original Message-----
From: Farley, Peter x23353
Sent: Friday, December 22, 2017 7:34 PM
To: 'Jon Perryman'
Subject: RE: Dynalloc (was Macro processor)

Jon,

I think our confusion (or at least my confusion) with your statements is that in the z/OS environment (including z/OS Unix), access to ALL files is subject to SAF restrictions. Allocation by DYNALLOC may in fact succeed, but OPEN will fail if the running user ID is denied access by whichever SAF is running. Where is the security exposure then?

I do assume complete and correct SAF definitions here. If your SAF isn't well set up for data safety then all bets are off. I am also assuming that the running user ID for production jobs is NOT any ordinary user's TSO ID, but the unique user ID(s) allowed only to the production scheduler software.

Peter

-----Original Message-----
From: IBM Mainframe Assembler List [mailto:[email protected]] On Behalf Of Jon Perryman
Sent: Friday, December 22, 2017 7:09 PM
To: [email protected]
Subject: Re: Dynalloc (was Macro processor)

Again with the motivated reasoning. Give me any fact that it's unrelated. Give me any fact that I'm wrong. Of course it's based on dynamic allocation. In a permanent allocation situation (like JCL, CICS or possibly IMS), you are defining datasets that can be used at that time. From a security standpoint, that's exactly what they want.

Are you saying Unix is not dynamic allocation all the time?
Are you saying this virus is possible in a permanent allocation situation?
Are you saying the virus was restricted to reading / writing the same files referenced by the programs it infected?
Are you saying the virus did not read the path and start scanning the directories in the path?
Are you saying that security checks and balances are irrelevant?
Are you saying this same virus is impossible in MVS?

How is the Target incident unrelated? In the past, I would get calls from customers ensuring we avoided this situation.

Jon.

On Friday, December 22, 2017 1:54 PM, Charles Mills <[email protected]> wrote:

The Target breach was based on DYNALLOC? This discussion has jumped the shark.

-----Original Message-----
From: IBM Mainframe Assembler List [mailto:[email protected]] On Behalf Of Jon Perryman

Charles broke the cardinal rule in security (never say never). Viruses rely on dynalloc.
