On 7/28/2006 5:17 PM, Wayne Driscoll wrote:
While that is true, since non-reentrent code loaded out of an APF
authorized library is loaded into KEY 8 storage, there is an integrity
exposure if said code is loaded into a multi-user address space, since
it is open to being modified (by accident or by intent) by a
non-authorized program. Since a reentrant program loaded from an APF
authorized library is loaded into KEY 0 storage, only another authorized
program could switch to PSW key 0 and modify the storage.
While that is true, Wayne, there are many risks with trying to do APF in
a multi-user address space. By the way, loading the code from the APF
library is probably not a problem in your scenario, but trying to
actually run APF-authorized certainly is. And don't forget that in
addition to the program storage, if you're concerned about malicious
users in a multi-user address space you need to worry (at a minimum)
about save areas and, in fact, all storage allocated by the authorized
program. Any use of key 8 storage by the APF-authorized program in that
situation is dangerous.
It's very difficult to get everything right in that situation.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
