On 8/20/2006 10:57 AM, Keith E. Moe wrote:
I've always thought that MANY of the reasons requiring authorization could easily be controlled via Security Resources. The one that
immediately comes to mind is non-swappability. SYSEVENT DONTSWAP could (if the program was not already authorized/supervisor
state/supervisor key) issue a SAF call. If allowed, the request would be honored and a flag set for the life of the Job Step so the SAF call would
not have to be made a second time.
While it is unlikely that IBM would go back and change every "authorized" service to make SAF calls, it would be nice if they thought about
doing it in future authorized services. I believe that I submitted a requirement for this back when GUIDE still existed (pre-1999).
For a number of "new" services we have done just that. Look at the
services for adding code to dynamic LPA, or for changing the LNKLST, or
the APF list, for examples of this.
We are also not averse to adding SAF checks to some older services, but
finding the resources to do so, finding the right services to change,
and ensuring that making such changes actually improves security, is an
interesting challenge.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
