On 12 April 2011 11:46, Paul Gilmartin <[email protected]> wrote: > On Tue, 12 Apr 2011 11:32:12 -0400, Tony Harminc wrote: >> >>This has been a fundamental ingredient in the preservation of MVS >>System Integrity from the very earliest days, and was a marked >>difference from what came to be called SVS. If every module expecting >>or willing to get control in an authorized state had to check that its >>caller was the right one, or that the calling environment and passed >>arguments were suitable and safe, the IBM and ISV worlds would grind >>to a halt for years of remediation. >> > ??? > > Every such module must so check before performing any operation which > would not be allowed to a nonauthorized program. The worlds have not > ground to a halt, but only because the checks are made.
We are surely speaking of different things. The linklist and other authorized libraries are chock full of modules that expect and require invocation in an authorized state, and which do not check their callers' arguments or state. These modules are protected against arbitrary invocation by virtue of their AC(0) status; only an already authorized program can invoke them. The system does not protect, nor would it be reasonable for it to do so, against "rogue" authorized code incorrectly invoking other modules in an authorized state. This is the reason for the alarm at the notion that casual relinking/binding with AC(1) is a wise fix for anything. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
