A customer (through an auditor) has posed a question to us: Job 'A' runs and ends. Job 'B' then comes in and obtains some of the system storage that Job 'A' had. The question is, can Job 'B' see data in that memory originally owned by Job 'A'?
Theoretically, yes, right? Is there a way to prevent this? (which I'm sure will be the followup question) I know this sounds a little silly but it seems to be a concern to someone.
Thanks in advance for any insights.
In theory, yes, a program running in an authorized state (APF, supervisor state, or system key) could allocate some storage that would survive from job A into job B, and put data in it.
For the answer to the auditor, I think you should focus on what happens with normal application programs. For them, the answer is a definite "no". And data that an unauthorized program places into memory that it allocated in job A will not survive into job B. The initiator or other system functions will free all of that application-related storage at the end of each job step.
Storage on DASD is another case, of course, but that's not what they asked about.
Walt Farrell, CISSP
z/OS Security Design, IBM---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
