In <[EMAIL PROTECTED]>, on 06/14/2006 at 06:27 PM, "Craddock, Chris" <[EMAIL PROTECTED]> said:
>Nooooooooooooooooo. All that AC=1 does is tell the initiator that the
>program is eligible to be run as an APF-authorized job step.
A bit more than that; I believe that there are four cases where TSO
uses RSAPF=YES.
>If the program is not expected to be run as an APF authorized job
>step then it should not <ever> have AC=1 set.
See above.
>That's considered an integrity exposure.
Close. If the program is not intended to be *either* an authorized JS
or authorized in a TSO context then it is an integrity exposure,
unless there's a user of RSAPF=YES that I don't know about.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)