> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of john gilmore > Sent: Saturday, August 19, 2006 9:14 AM > To: [email protected] > Subject: Re: EXCP with a DEB > > Bill Fairchild has told you the most important thing you need to know. > > There are ways to do what you want to do. They would be APARable as z/OS > security breaches if they werje described in sufficient detail to be > usable. The only security breach would be granting authorization to an adversary to use an APF library or installing a user SVC. That's not a z/OS issue; it's site policy issue. By definition, an authorized program is a trusted program. The security breach is improperly granting access to an authorized program.
> The presence of bank vaults in the world means that there must also be > locksmiths in it who can open them, and I suppose that there is a similar > rationale for the skills needed to breach z/OS, but this is a public forum > in which I for one do not think we should facilitate such operations by > unknown people. It's a policy issue for the people in control of the bank vault to decide when to open the vault using the combination versus a locksmith. It's not a security breach/flaw of the vault design that it can be opened by a skilled locksmith. Whoever granted access for the locksmith to the vault is the real issue. > John Gilmore /snip/ Jeffrey D. Smith Principal Product Architect Farsight Systems Corporation 700 KEN PRATT BLVD. #204-159 LONGMONT, CO 80501-6452 303-774-9381 direct 303-484-6170 FAX http://www.farsight-systems.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
