On Thu, 14 Oct 2010 19:54:44 -0500, John McKown wrote:
>The SPFCOPY that I remember simply used a "magic" SVC to set the APF on
>before calling IEBCOPY and back off afterwards.
>
I've heard of this. And that the "magic SVC" did extensive checkinf
of control blocks to verify that it was properly called by ISPF.
Bot that it was possible, in principle, to fool it.
But why? couldn't it just perform the equivalent of
address TSO 'CALL *(IEBCOPY)'
... and let TSO handle the integrity?
>Did PDSFAST require APF authorization?
>
>On Oct 14, 2010 7:23 PM, "Ted MacNEIL" <eamacn...@yahoo.ca> wrote:
>
>>Also, IIRC, IEBCOPY uses I/O appendages that require authorization, since
>they are loaded from SYS1...
>Yes. That's true.
>
Didn't other plies in this thread say that the third-party
alternatives don't use archaic appendages, thus don't require
AC=1.
Is there a third-party IEBCOPY replacement that is runs AC=0 and
is interface-compatible? If a programmer specified such a
product as the COPY utility for SMP/E, and avoided WAIT in
DDDEFs, could he run SMP/E in unauthorized state? Would this
avoid the unspecified integrity hazard that mandates bizarre
RACF authorization for use of SMP/E?
I would hope so; isn't it IBM's integrity statement that any way
in which a non-authorized program can threaten system integrity
will be fixed at highest priority.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
