On Tue, 20 Apr 2010 15:36:30 -0500, Rick Fochtman wrote:

>-------------------------------<snip>-------------------------------------
>
>>>From:        Peter Nuttall
>>>Date:        Tue, 20 Apr 2010 07:48:46 +0200
>>>
>>>Yes to all of that .... Puzzled me too ... Never seen it before .... I am
>>>aware of the concatenation restriction on APF authorised load libraries
>>>(and the integrity reasoning behind it), but there are no steplibs in the
>>>job and the Joblib is, obviously, the same for all steps.
>>>
>>>
>>>
>>What is that "integrity reasoning"?  Doesn't LINKLIST nowadays support
>>a mixture of authorized and unauthorized libraries, with the authorization
>>of the step depending on the status of the individual data set from
>>which the module was loaded?
>>
>>Is it merely that since the programmer controls the content of STEPLIB
>>there's little utility in supporting similar behavior in STEPLIB?
>>
>>-- gil
>>
>>
>------------------------------------<unsnip>----------------------------------
>I suspect that it's based on the premise that the LINKLIST libraries are
>controlled by a security-conscious Systems Programming staff, whereas
>STEPLIB can access any loadlib, including, perhaps, a library with
>modules of "malicious intent or design".
>
???

It can do that now; they just better not be authorized (unless
they're GIMSMP).

I was envisioning that, as with LINKLIST, a load module loaded
from an authorized catenand would run authorized; a load module
loaded from an unauthorized catenand would run unauthorized.
No security problem.  Should have been easy to do, given that
Jim M. says this is determined by a bit in the DEB set at OPEN,
and OPEN surely knows what data set the DEB belongs to.

But, Jim says (and I agree, as stated above) that there's
minimal value in mixing authorized and authorized data sets
in STEPLIB.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html