Paul Gilmartin pisze:
On Wed, 7 Apr 2010 15:42:31 -0300, Clark Morris wrote:
The second is the question of APF authorization. I believe that one
of the longer term goals should be to remove the need for APF
authorization from all utilities where at all possible. The
requirement that IEBCOPY be APF authorized probably should have been
removed 20 - 30 years ago since a competitive product seems to be able
to do without it. ...
That provokes a very interesting sequence of questions:
o Is that competitive product interface and data compatible with
IEBCOPY?
o If so, can it be used as a substitute for IEBCOPY with SMP/E?
o If so, can SMP/E be run without APF authority (provided the user
sidesteps the S99WTDSN entanglement)?
o If so, can the installation specify UACC(READ) for all the SMP/E
facility classes with confidence that there is no threat to
system integrity?
If the answers are respectively yes, yes, yes, no, then there is
a gaping security hole that needs to be plugged. No unauthorized
program, regardless of the provenance of the code (IBM, customer,
ISV, or any mixture) should pose a threat to system integrity.
(Isn't that IBM's policy position?)
Do we know that the APAR is related to APF authorization of GIMSMP?
Why do we consider IEBCOPY? Is IEBCOPY engaged in any way in the APAR?
Do we know that?
BTW: I know that APF program cannot call other program out of APF
library. However in this case we consider the opposite scenario: Can
non-APF program call APF-one? If so, then GIMSPE may be unathorized
with no changes to IEBCOPY authorization. Is my assumption correct?
BTW2: I can imagine APAR classified as integrity for unauthorized
program and this does not break any integrity statement. Just matter of
"integrity" definition.
--
Radoslaw Skorupka
Lodz, Poland
--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl
Sąd Rejonowy dla m. st. Warszawy
XII Wydział Gospodarczy Krajowego Rejestru Sądowego,
nr rejestru przedsiębiorców KRS 0000025237
NIP: 526-021-50-88
Według stanu na dzień 01.01.2009 r. kapitał zakładowy BRE Banku SA (w całości
wpłacony) wynosi 118.763.528 złotych. W związku z realizacją warunkowego
podwyższenia kapitału zakładowego, na podstawie uchwały XXI WZ z dnia 16 marca
2008r., oraz uchwały XVI NWZ z dnia 27 października 2008r., może ulec
podwyższeniu do kwoty 123.763.528 zł. Akcje w podwyższonym kapitale zakładowym
BRE Banku SA będą w całości opłacone.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
