On Tue, 13 Apr 2010 23:25:12 +0300, Binyamin Dissen <[email protected]> wrote:
>On Tue, 13 Apr 2010 16:12:19 -0400 Don Williams <[email protected]> wrote: > >:>Sorry, SMP does not bypass security. The user has to be smart and know what >:>to do, but no security is bypassed or violated. > >If the user cannot update the libraries, all that granting access to these >resources is allowing the APPLY to abend with a S913 in place of being >rejected due to lack of permission. > >How does allowing access to the SMP functions allow "the potential to >undermine system security" > > --- wait for it --- > >"regardless of any data set protections you may have in place." > >?? > >If I have all the libraries protected - how can SMP alter them? > We can guess all day. If you really want to know, set up some test scenarios and see what you come up with. My thought was that this could be related to something with z/OS unix, but if you aren't running the job under UID=0, then you need BPX.SUPERUSER for SMP/E to be able to do it's thing when you don't have the authority on your userid. So if you already have BPX.SUPERUSER, what more could SMP/E be giving you without this APAR? Not sure... haven't thought about it too much... but there could be something. BPX.SUPERUSER doesn't do everything for you in z/OS unix land. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:[email protected] Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
