On Tue, 19 Sep 2006 08:32:27 -0600 Paul Gilmartin <[EMAIL PROTECTED]> wrote:
:>In a recent note, Binyamin Dissen said: :>> Date: Tue, 19 Sep 2006 10:34:18 +0300 :>> On Mon, 18 Sep 2006 17:51:14 -0600 Paul Gilmartin <[EMAIL PROTECTED]> :>> wrote: :>> :>I am coming to suspect that the reason RETRY fails when I :>> :>invoke SMP/E from an EXEC under IKJEFT01 is that GIMSMP :>> :>is absent from AUTHPGM NAMES in SYS1.PARMLIB(IKJTSOnn). :>> :>I've put in a request to add it. :>> :>But, now I'm curious. Is there any good rationale that :>> :>any program with AC=1 in an authorized library shouldn't :>> :>run with APF authorization when CALLed from TSO. Is the :>> :>security provided by the "isolated environment" incomplete? :>> :>What happens when a program with AC=0 is (inadvertently) :>> :>entered in AUTHPGM names and CALLed? :>> The issue is that AC=1 programs expect to be called as job-step programs and :>> may not completely clean up after themselves (expecting the initiator to do :>> it). :>That raises more questions than it answers: :>o How justified is that expectation? Don't numerous authorized :> utilities and authorized user and vendor programs invoke other :> authorized utilities? Yes, but they are prevented from loading programs from non-APF libraries. :>o Isn't it equally true that AC=0 programs may fail to clean up :> after themselves? Yes, but they cannot leave things around that may cause an exposure. :>o When the TMP ATTACHes an AC=0 program (presumably in the non-authorized :> "leg") does the TMP clean up after it? If so, why doesn't the :> TMP likewise clean up after programs run in the isolated environment? An authorized program has the ability to leave things around that are connected to higher level tasks or that could cause an exposure. :>o Does IBM publish a list of IBM programs which are suitable for :> naming in AUTHPGM NAMES, or is the presmption that only programs :> included there as it is distributed by IBM are eligible. That should be the default. :> My immediate concern is with SMP/E. I've been CALLing it but :> enduring the failure of RETRY and omitting WAIT. And I know :> SMP/E fails to clean up -- I must do some FREEs before the :> next CALL, or it runs with bogus DDNAMEs. (I tried PMRing this; :> IBM couldn't reproduce it, nor could I in a suitably small test :> case though it happens regularly in my production. I continue :> to do OUTTRAP LISTALC, then FREE selected DDNAMEs) I do not believe that SMP/E leaves PC routines or SVC bypasses around. :>> It is a slight exposure, handled by specifying those programs that are known :>> to be well behaved. :>> :>Could a systems programmer so inclined simply use :>> :>"AUTHPGM NAMES( * )"? :>Or the like? Not aware of any exit that will allow this. -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
