On 7/6/2006 12:01 PM, Craddock, Chris wrote:
> John Chase wrote:
>> I've suggested there that they recode their SVC to issue the RACROUTE
>> from within the SVC and return the results to the program via the
>> "normal" return from the SVC.
...snipped...
> But while I'm on that soap box, obtaining some other user's credentials
> is an authorized function because only a properly authorized resource
> manager has any right to access them. John Q. certainly does not and
> providing a wrapper for a function that will do so is just as much a
> security violation as writing the password on a sticky note next to the
> terminal.

As described they are not "obtaining some other user's credentials".
They are obtaining the other user's name and group connection
information. Obtaining the credentials would involve actually getting a
usable (e.g., attached to a TCB) copy of the other user's ACEE.

> People have to remember that any code they write and install in the
> system can also be called (often creatively) by "black hats". Just
> because you wrote it for CICS doesn't mean some ingenious twerp can't
> fool it into doing something "bad" from some other more user-friendly
> environment like TSO.

True. And that makes a PC a more advisable implementation than an SVC
for this case, in my opinion. They could front-end the execution of CICS
with a program that would verify that it was a job-step task, and would
define a PC available only within its own address space, and then
transfer control to CICS for the rest of its initialization processing.
Then the function could not be invoked from other environments.

Walt Farrell, CISSP
z/OS Security Design, IBM