On Tue, 6 Apr 2010 10:39:22 -0500, Walt Farrell <[email protected]> wrote:

>There is a legitimate integrity exposure involved, and the APAR is properly
>classified as such.  We perhaps should have said a bit more in the
>documentation.  We're considering whether we can do so, and what we can say
>that will convey the magnitude of our concern (though merely the fact that
>we did this via an APAR with mandatory migration actions should serve as an
>indication that we have serious concerns and there is a legitimate problem
>to address).

Things having quieted down significantly on this topic, I almost hesitate to
reopen this discussion.  However, I did say we would consider whether we
could say any more, and we've done that.  APAR IO12263 is open and contains
the additional information that we can make available.

Quoting from IO12263:
<quote>
The documentation provided with APAR IO11698 is incomplete and  
does not provide sufficient guidance in how to implement the    
System Authorization Facility (SAF) controls introduced in the  
APAR.  The function supplied by IO11698 is not broken and no    
modifications are planned, however, the complete documentation  
provided with IO11698 should have been as follows:

[some information from original documentation omitted from this message for
brevity; see the APAR if you're interested]

However, of all the functions described above,
several need to be controlled very carefully.  Users who are    
granted access to these resources have the potential to         
undermine system security regardless of any data set protections
you may have in place.  Therefore, they should be as trusted,   
for example, as users who have authority to update APF          
authorized libraries.  These functions, and the corresponding   
SAF FACILITY class resources that SMP/E checks, are as follows: 
  Function:           Resource name:
  RECEIVE command     GIM.CMD.RECEIVE
  APPLY command       GIM.CMD.APPLY
  ACCEPT command      GIM.CMD.ACCEPT
  RESTORE command     GIM.CMD.RESTORE
  REJECT command      GIM.CMD.REJECT
  LINK command        GIM.CMD.LINK
  CLEANUP command     GIM.CMD.CLEANUP
  Program GIMZIP      GIM.PGM.GIMZIP
  Program GIMUNZIP    GIM.PGM.GIMUNZIP
  Program GIMIAP      GIM.PGM.GIMIAP
</quote>

In addition to a ++HOLD for DOC, the PTF for IO12263 will also have a ++HOLD
for ACTION suggesting that anyone who applied the prior PTF and granted
broad access to SMP/E functions should review those access authorities based
on this new documentation.

-- 
Walt Farrell, CISSP
IBM STSM, z/OS Security Design

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
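
As an added example (not part of the original message or of the APAR text), the access review suggested by the ++HOLD for ACTION could be scripted over an exported listing of FACILITY class profiles. The profile rows, the trusted ID set and the simplified wildcard matching are assumptions made for illustration; your security product's own generic-profile matching rules are more detailed.

```python
import fnmatch

# Resource names listed in the IO12263 text quoted in the message above.
SENSITIVE = [
    "GIM.CMD.RECEIVE", "GIM.CMD.APPLY", "GIM.CMD.ACCEPT", "GIM.CMD.RESTORE",
    "GIM.CMD.REJECT", "GIM.CMD.LINK", "GIM.CMD.CLEANUP",
    "GIM.PGM.GIMZIP", "GIM.PGM.GIMUNZIP", "GIM.PGM.GIMIAP",
]

# Constructed sample data: (profile name, universal access, {id: access}).
PROFILES = [
    ("GIM.**", "READ", {}),
    ("GIM.CMD.APPLY", "NONE", {"SMPADMIN": "READ", "DEVGRP": "READ"}),
    ("GIM.PGM.*", "NONE", {"SMPADMIN": "READ"}),
]
TRUSTED = {"SMPADMIN"}  # hypothetical ID trusted like an APF library updater

def covering_profile(resource, profiles):
    """Exact name wins, else the generic with the longest literal prefix (simplified)."""
    best = None
    for prof in profiles:
        name = prof[0]
        if name == resource:
            return prof
        # Simplification: '*' and '**' are both treated as "match anything".
        if fnmatch.fnmatchcase(resource, name.replace("**", "*")):
            prefix_len = len(name.split("*")[0])
            if best is None or prefix_len > best[0]:
                best = (prefix_len, prof)
    return best[1] if best else None

def review(profiles, trusted):
    """Return (resource, profile, reason) for every access worth re-checking."""
    findings = []
    for res in SENSITIVE:
        prof = covering_profile(res, profiles)
        if prof is None:
            findings.append((res, None, "no covering profile in listing"))
            continue
        name, uacc, permits = prof
        if uacc != "NONE":
            findings.append((res, name, f"universal access {uacc}"))
        for ident, access in sorted(permits.items()):
            if access != "NONE" and ident not in trusted:
                findings.append((res, name, f"{ident} has {access}"))
    return findings

if __name__ == "__main__":
    for res, name, reason in review(PROFILES, TRUSTED):
        print(f"{res:<18} via {name}: {reason}")
```

With the constructed rows, the broad `GIM.**` profile is reported for every command resource it still covers, which is the kind of wide grant the new documentation asks to have reviewed.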
