In a message dated 8/19/2006 10:22:08 A.M. Central Daylight Time,  
[EMAIL PROTECTED] writes:

>The only security breach would be granting authorization to an adversary
>to use an APF library or installing a user SVC. That's not a z/OS issue;
>it's site policy issue. By definition, an authorized program is a trusted
>program. The security breach is improperly granting access to an authorized
>program.

Which is exactly what I assumed before writing intermediate-level details on
how to construct a nuclear device in your kitchen (low-level details are
available elsewhere on the Internet). IBM will accept APARs which show that
their standard security and protection mechanisms left a hole which could be
exploited either intentionally or accidentally. And in order to make a
program authorized, either one must obtain permission from one's management
or else one must exploit a hole which IBM has guaranteed they will close.
IBM will not accept APARs, however, which show that there is a hole in
management's policies on allowing programmers to authorize a program.
 
For all I know, the OP owns his own P/390 and he is the only user of it in
the world. He can certainly grant himself the necessary authority, as I used
to do to myself when I owned my own P/390.

Whatever technique one uses, one must first be able to authorize the program
which utilizes the technique.

Bill Fairchild




----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html