On Thu, Apr 22, 2010 at 3:32 PM, Thompson, Steve < [email protected]> wrote:
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Sam Siegel > Sent: Thursday, April 22, 2010 9:08 AM > To: [email protected] > Subject: Calling unauthorized code from an authorized address space > > Hi All, > > Switching subject lines to something more appropriate. > > I'm trying to write some authorized code that has a requirement to > invoke > unauthorized user exits. > > I'd like to be able to do the following. > > 1) Provide an anchor word so that the user exit can allocate and retain > memory from call to call. > 2) Pass a buffer of data (or the address of the buffer) to the user exit > so > that the user exit can modify the data. > 3) Allow the user exit to pass the address of data it has generated back > to > the authorized caller. > 3.1) Data in item 3 will most likely be in a different buffer than data > in > item 2. > > Pointers (with enough detail please so I can do the research) on how to > do > this and maintain system integrity will be greatly appreciated. > > Thanks, > Sam > > <SNIP> > > One of the ways to protect yourself is to force the EXITs to use a > storage key that is different from yours, and enforce that rule. > > Why? The EXITs are running in your address space, and so may change > storage that is in the key they are running in. So can you attach them > such that they will be in KEY10? > > Or, can you set up all your code to be loaded in KEY10 or KEY0 so that > the exit code can't modify your code? > > Now, can you put all of your control blocks (or structures) in KEY10 or > other than KEY8/9 if the exits will run in KEY8? If the exits will run > in KEY10, then you can operate "normally." > > Now, any address that is passed back to you, must be checked for a valid > storage KEY. It can't be an address of your storage. If it is, the EXIT > has passed a bad address. OR, the address passed back to you must be an > address you passed it. But now, how do you tell if the EXIT wrote beyond > what you intended? > > If the EXITs run in a different address space, you can use PC/PT/PR to > deal with all of this. > > I'm sure there will be others who will give more gotchas for this type > of problem. > Thanks for all the detail. It is going to take me a bit to study this and do some tests. > > Regards, > Steve Thompson > > -- Opinions expressed by this poster may not reflect those of poster's > employer -- > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
