On Tue, 27 Dec 2011 08:18:44 -0600, Paul Gilmartin <[email protected]> wrote:
>On Tue, 27 Dec 2011 07:49:31 -0500, Peter Relson wrote: > >>>What PARMLIB member is it that allows >8 characters between periods? >>> >>http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/dgt2c190/8.6.5.1 >> >>As Paul Gilmartin posted, this is a reference to: >>MODIFY CATALOG,DISABLE(DSNCHECK) >> >There's precious little further documentation I can find. Is >all syntax checking removed? Is even the HLQ allowed to >exceed 8 characters? > As far as I can tell from looking at the code, yes, all syntax checking is removed. With the option disabled the routine that is preparing to write the new catalog entry bypasses calling the subroutine that would perform the syntax check (overall length, character content, node length, etc.). Technically that should allow any name to be cataloged. Of course, I can't tell what other checking might precede that routine as I don't know the catalog code very well. Of course, it's always been possible to have uncataloged names that violated most of the rules, but this seems to make it possible to catalog those names, too. I have no idea what would happen if the name exceeded 44 characters. Nor what would happen if the first node exceeded 8 characters (though I might guess that it could work, as long as the user had authority to update the master catalog). And, of course, if any security checking occurs you'd find that RACF is one of those components that has no idea about this option, and so would apply its normal rules, but things might work OK if either SETROPTS PROTECTALL(NOFAIL or WARNING) is in effect, or if one has appropriate RACF profiles defined. (Appropriate profiles: RACF will normally require that each qualifier (node) of the name have a length <= 8, but a * that ends the profile name (non-EGN), or a ** that ends the profile name (EGN), will handle qualifiers longer than 8. Still, in the absence of a naming convention table RACF will expect the first qualifier to be <= 8 characters, and to match a user ID or group name.) But remember that these considerations would also apply to anyone trying to create uncataloged data sets, so it's not really related to this catalog option. >Some people suspect that this was an unintended consequence >of removing all syntax checking when CVOLs were supplanted. >After the product was in the field, some customers complained >that programmers were cataloging DSNs that couldn't readily >be manipulated with customary utilities. IBM discovered or at >least suspected that other customers were actively exploiting >the feature and had little choice but to provide an option. > As far as I can see, the option has existed since 2000 or 2002, though I get a bit confused as I look at the source: it appears that the option was created in 2000 but that the code to bypass the syntax checking was added in 2002, though it all seems associated with FMID HDZ11G0. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
