Actually I was talking about both the magic svc and a "normal" SVC that may do authorized code.
I don't want to do anything. I was simply recalling the different ways (some BAD) to run authorized stuff. It started by a discussion on the Rexx list, someone (for whatever reason) wanted to update the CVTUSER. Me, I'm just curious, and want to learn things. Lindy ________________________________________ From: IBM Mainframe Discussion List [[email protected]] On Behalf Of Rick Fochtman [[email protected]] Sent: 22 December 2010 23:19 To: [email protected] Subject: Re: Authorized Rexx Assembler Function ----------------------------------------------<snip>------------------------------------- >If I use an SVC, is this true? If the SVC does something or returns some >information that needs to be protected, then I need to use RACF to decide who >can call it or who cannot? And everyone said not to use a magic SVC, and I >get that. But if that SVC is also protected by RACF, is it at all a viable >solution? > > -------------------------------------------<unsnip>---------------------------------------- Any so-called "Magic SVC" is going to be hard to protect via RACF; the necessary code, blocks, etc. might get rather cumbersome. Using established APF mechanisms might be sufficient. But if you use the established mechanisms, you can bypass any magic SVC stuff right from the get-go. And since you and the rest of the Systems staff SHOULD be controlling ALL non-System APF code, you should be able to exercise complete control. If you are returning information that needs to be protected from other users, keeping it in your own address space should provide pretty good security. How many comman applications use cross-memory services, and how many application programmers even understand what cross-memory services can or cannot do? It might be helpful if you could detail exactly what you wish to accomplish. ?? Rick ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
