On Saturday 19 August 2006 11:14, john gilmore wrote: > There are ways to do what you want to do. They would be APARable as > z/OS security breaches if they were described in sufficient detail > to be usable.
What you describe is "security through obscurity". I believe most people on this list agree that it is an ineffective way to protect a computer system. A program in KEY=ZERO can do anything it wants and bypass all the control and security mechanisms. That's the way MVS always worked and it's not going to change. Whether the OP should be doing what he describes and/or should be authorised to do it is something his security admin should decide. System integrity APARs address situations where a user who's not authorised can, in fact, access certain authorised functions because of a failure in a system component. If RACF is set up to let non-trusted users update APF-authorised libraries and run code in KEY=ZERO, then it's not a system integrity issue, but a security administrator issue. -- Gilbert Saint-Flour GSF Software http://gsf-soft.com/ mailto:[EMAIL PROTECTED] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
