On Fri, 2 Apr 2010 16:47:54 -0500, Wayne Driscoll wrote:
>Ed's concern is much more valid and realistic than Gil's. In Gil's case,
>having SYSPUNCH refer to SYS1.PARMLIB, or some other protected dataset
>really won't cause a problem, because APF authorization doesn't
>automatically bypass the security system. However, a maliciously coded
>
OK. Educate me. I had thought that once a program was APF
authorized, it became the responsibility of that program to
issue the SAF calls and respect the replies; if not, the program
could do anything it wanted.
For example, suppose someone link edited IEBGENER into an APF
authorized library and marked it AC=1. Now, I do:
//STEP EXEC PGM=IEBGENER
//STEPLIB DD DISP=SHR,DSN=...
//SYSUT2 DD DISP=SHR,DSN=SYS1.PARMLIB(...)
//SYSUT1 DD *
...
Where does it fail?
>HLASM user exit could, since it contains customer supplied code. Of
>course, if the Assembler is invoked via SMP/E authorized, those HLASM
>exits will have to be located in an APF authorized library, or else a 306
>abend will occur, so the writer of the malicious exit will still need a
>way to update an APF library.
>
And that wouldn't happen, except at Bob Shannon's site.
Thanks,
gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
