On Mon, 18 Sep 2006 17:51:14 -0600 Paul Gilmartin <[EMAIL PROTECTED]> wrote:
:>I am coming to suspect that the reason RETRY fails when I :>invoke SMP/E from an EXEC under IKJEFT01 is that GIMSMP :>is absent from AUTHPGM NAMES in SYS1.PARMLIB(IKJTSOnn). :>I've put in a request to add it. :>But, now I'm curious. Is there any good rationale that :>any program with AC=1 in an authorized library shouldn't :>run with APF authorization when CALLed from TSO. Is the :>security provided by the "isolated environment" incomplete? :>What happens when a program with AC=0 is (inadvertently) :>entered in AUTHPGM names and CALLed? The issue is that AC=1 programs expect to be called as job-step programs and may not completely clean up after themselves (expecting the initiator to do it). It is a slight exposure, handled by specifying those programs that are known to be well behaved. :>Could a systems programmer so inclined simply use :>"AUTHPGM NAMES( * )"? -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
