On Fri, 2 Apr 2010 09:56:28 -0700, Edward Jaffe wrote: > >An authorized program abends with 306-C if it tries to load a module >from an unauthorized library. That's all. There is no requirement that >the modules it attaches be linked with AC(1). > Thanks. I keep forgetting the rule.
And I see that GIMSMP is linked with AC=1; ASMA90 with AC=0; both in authorized libraries. So, now sheer conjecture. ASMA90 may or may not do exhaustive SAF checking. Why should it feel obliged to? It was designed to run unauthorized. So a maliciously crafty programmer could code an SMP/E APPLY step which invokes ASMA90; preallocate SYSPUNCH; and supply PUNCH statements which overwrite a member in what? SYS1.PARMLIB? Multiply that by the increasing number of utilities called by SMP/E which may not do SAF checking and SMP/E is strongly impelled to shift the security burden to customers' system administrators. >>> IMHO, the "right" fix would have been to "enhance" IEBCOPY to use >>> alternate I/O techniques when not running APF authorized. (BTW, that >>> Amen. I can live without S99WTDSN. If I specify NOWAIT on my DDDEFS, SMP/E operations not involving a copy run fine. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
