Lou Losee wrote:
The thing is integrity APARs do not come from requirements, they come from
exposures that violate IBMs integrity statement. So I would think that the
reason behind the APAR has to be deeper than just segregating the use of
SMPE.
Exactly! The problem is that GIMSMP is APF authorized.
AFAIK, that's true only because IEBCOPY requires APF authorization.
That's required because IEBCOPY uses I/O appendages. But, trust me, it's
not doing *anything* that can't also be done without I/O appendages.
IMHO, the "right" fix would have been to "enhance" IEBCOPY to use
alternate I/O techniques when not running APF authorized. (BTW, that
would solve numerous other non-SMP/E-related issues at the same time.
Ever tried to invoke IEBCOPY from a REXX?)
Removing APF authorization from GIMSMP would remove the potential for
integrity exposure. In that case, these ridiculous new SAF resources for
SMP/E--which really do nothing to protect the system--would never have
been created in the first place.
--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
[email protected]
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
