Re: ACF2 SVCs -- Required?!?

Fri, 15 Jul 2011 06:02:45 -0700 

> -----Original Message-----
> From: IBM Mainframe Discussion List On Behalf Of Bill Fairchild
> 
> What "malicious use"?  Did they document any malicious use at your or any 
> other installation in the
> world?  Was that their phrase or is it your paraphrasing what they said?  
> Maybe you meant to say "...
> reduce our exposure to its POTENTIALLY malicious use."

I've already said more than I know about ACF2, but from the various responses 
in this thread so far it seems the equivalent "advice" for a RACF shop would be 
to have ZERO users with the System SPECIAL attribute.

    -jc-


> 
> Bill Fairchild
> Rocket Software
> 
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
> Of Tony Harminc
> Sent: Thursday, July 14, 2011 3:12 PM
> To: [email protected]
> Subject: Re: ACF2 SVCs -- Required?!?
> 
> On 14 July 2011 14:55, Tom Sims <[email protected]> wrote:
> 
> > Yesterday we entertained a group of vendor representatives who
> > presented their assessment of our implementation of ACF2.  Among their
> > key findings and recommendations was a high-criticality suggestion to
> > remove the ACF2 "alter SVC," which was characterized as a dangerous
> > back door around access control, the removal of which would
> > substantially reduce our exposure to its malicious use.
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
> [email protected]
> with the message: GET IBM-MAIN INFO Search the archives at 
> http://bama.ua.edu/archives/ibm-main.html
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to