On Mar 8, 2012, at 1:15 PM, Ray Overby <ray.ove...@kr-inc.com> wrote:

> Rob - How about: If your authorized program while executing in PSW Key 0-7 
> stores into an address provided by an unauthorized caller (as long as the 
> store operation uses the execution PSW KEY) then this is a violation of the 
> IBM statement of integrity.


Not necessarily. The integrity statement would only be violated if the 
privileged program allowed the non-privileged program to circumvent key 
controlled access. To prevent this, the privileged program must use the 
non-privileged program's PSW key when passing any results back in areas 
provided by the caller (e.g. by using MVCDK and the caller's key) - however, 
the privileged program must also ensure that it does not inadvertently disclose 
the contents of fetch protected storage, regardless of how it moves the results 
back to the caller. 

In the latter case a black hat might cleverly cause a malformed privileged 
program to copy (say) contents of key zero fetch protected storage into plain 
old user key storage where the black hat could inspect it to his heart's 
content. 

So bottom line: using the caller's key to return results is a necessary, but 
not sufficient condition to maintain integrity. 

CC

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
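
The "necessary, but not sufficient" point from the reply above, as an added example that is not part of the original message and is not z/OS code. It is a simplified Python model of key-controlled protection; the class, the function names, the addresses and the storage contents are all constructed for illustration, and it assumes one storage key per 4K frame with no protection overrides.

```python
# Toy model of key-controlled protection (constructed for illustration; not z/OS code).
PAGE = 4096

class ProtectionException(Exception):
    pass

class Storage:
    def __init__(self):
        self.frames = {}  # page number -> [storage key, fetch-protected?, bytes]

    def add(self, addr, key, fetch_protected, data=b""):
        self.frames[addr // PAGE] = [key, fetch_protected, bytearray(data.ljust(PAGE, b"\0"))]

    def fetch(self, access_key, addr, n):
        key, fp, data = self.frames[addr // PAGE]
        # Key 0 always fetches; other keys need a match only if the frame is fetch protected.
        if access_key != 0 and fp and key != access_key:
            raise ProtectionException("fetch")
        return bytes(data[addr % PAGE:addr % PAGE + n])

    def store(self, access_key, addr, value):
        key, _, data = self.frames[addr // PAGE]
        # Stores need key 0 or a matching key, regardless of fetch protection.
        if access_key != 0 and key != access_key:
            raise ProtectionException("store")
        data[addr % PAGE:addr % PAGE + len(value)] = value

# Three versions of a key 0 service copying n bytes between caller-supplied addresses.
def copy_with_psw_key(st, caller_key, src, dst, n):
    st.store(0, dst, st.fetch(0, src, n))            # both accesses in key 0

def copy_dest_key_only(st, caller_key, src, dst, n):
    st.store(caller_key, dst, st.fetch(0, src, n))   # MVCDK-style store, key 0 fetch

def copy_caller_key_both(st, caller_key, src, dst, n):
    st.store(caller_key, dst, st.fetch(caller_key, src, n))  # caller's key for both

def outcome(service, src, dst, n=6):
    """Run one service for a key 8 caller; return the bytes now at dst, or 'blocked'."""
    st = Storage()
    st.add(0x1000, key=0, fetch_protected=True, data=b"SECRET")   # system data
    st.add(0x2000, key=8, fetch_protected=False, data=b"userin")  # caller's own area
    st.add(0x3000, key=0, fetch_protected=False, data=b"SYSTEM")  # system area
    try:
        service(st, 8, src, dst, n)
    except ProtectionException:
        return "blocked"
    return st.fetch(0, dst, n)
```

Storing with the caller's key stops the overwrite of the key 0 area, but the fetch-protected bytes still reach user-key storage until the source is also fetched with the caller's key.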
