That make sense, as I am competing with the Linux develipers. I consider implementing a simple model, befiting native z/OS, with option to implement the security model when it becomes ubiquitous. I really thank you for the information, as it gives me the basic answer to my question and quest.ZA
Sent from Yahoo Mail on Android On Mon, Nov 16, 2020 at 7:47 PM, Dan Greiner<dan_grei...@att.net> wrote: The ability to prevent instruction execution was introduced by the instruction-execution-protection (IEP) facility on the z14 (September 2017). Per the facility blurb in Chapter 1 of the PoO: "The instruction-execution-protection facility may be available on a model implementing z/Architecture. When the facility is installed and enabled, and an instruction is fetched from the primary or home address space, an instruction-execution-protection control in the leaf DAT-table entry used in the translation determines whether instructions may or may not be executed from the frame mapped by the entry. The facility may be used by a control program to better segregate instructions from data. Improved system reliability and integrity may be realized by preventing the execution of instructions from storage locations intended to contain only data. For example, erroneously or maliciously modified data in a program stack can be prevented from being executed. (September, 2017)" So, the facility only applies to virtual addresses on newer models. As I recall, the development of this facility was requested by z/Linux in order to help avoid classic stack-overflow exposures; but, it obviously has applicability to other environments. (It was also introduced in order to "keep up with the Joneses — er ... I mean the Intels.)
