Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use

Wed, 14 Apr 2010 10:21:48 -0700 

W dniu 2010-04-14 16:46, Walt Farrell pisze:
[...]

In the original discussion, it was speculated that IBM obviously did not
understand that one should protect the data sets rather than trying to
protect the program or functions.  And that therefore anyone who did have
proper data set protections is safe.

In most cases that is true.  In this case it is not (that's why there is an
exposure, and that's why we had the System Integrity APAR IO11698 and its
PTF(s).).

Some of you are trying to guess what the exposure is, or speculating about
what it may be.  We will not participate in such speculation or confirm
anything about it.

What is important is that you understand that you are at risk if you do not
carefully control who can run those SMP/E functions, and that your users who
can run those functions must be very trusted users.  And that's why we have
the new APAR IO12263.

Note, by the way, that the official IBM statement on all of this is in the
APARs, not my emails on this topic.  I am merely trying to help some of you
understand those statements since there still seems to be some confusion.
Now I feel a little bit scared. So dataset protection can be bypassed. It is OK for programs which: 
a) have APF atuhorization
and
b) use the authorization in safely controlled manner, vide ADRDDSU and STGADMIN.ADR.STGADMIN profiles.
Ad a) If a program does not require APF to bypass dataset (or other) protection then it's not the issue with the program itself, it is security hole in the system!
Walt, can you confirm that the APAR issue wouldn't happened without APF authorization for SMPE? 




--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237 
NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to