On 9/18/2006 7:51 PM, [EMAIL PROTECTED] wrote:
> I am coming to suspect that the reason RETRY fails when I
> invoke SMP/E from an EXEC under IKJEFT01 is that GIMSMP
> is absent from AUTHPGM NAMES in SYS1.PARMLIB(IKJTSOnn).
> I've put in a request to add it.
>
> But, now I'm curious. Is there any good rationale that
> any program with AC=1 in an authorized library shouldn't
> run with APF authorization when CALLed from TSO?

We do not know of any integrity problems that would arise if you put
AC(1) IBM-supplied programs into the AUTHPGM list. (Note: The AUTHTSF
list is a different topic.) Generally it is more a question, I think,
of whether the program is doing something that you would want run under
TSO, given the dispatching priority of TSO users, and some environmental
characteristics (how long the user will be waiting while it runs, for
example) that determines whether you allow the programs to run under
TSO/E or not.

It is, in fact, likely that if a program were to cause an integrity
problem when run in TSO that it would also cause an exposure when run in
batch. However, I can envision some odd kinds of effects that could
pose problems in TSO that would not pose problems in batch, given the
differences between "normal" tasks and jobstep tasks.

> Is the
> security provided by the "isolated environment" incomplete?

It's not that it's incomplete. But consider that when a job step
terminates it goes through a full set of step termination, and step
termination resource managers. Other tasks get less cleanup. TSO/E
does have a list of things it resets when an APF-authorized program
terminates, but TSO/E can not possibly know everything that an APF
program might have decided to do (storage it might allocate from
authorized subpools, name/token services, etc.), and some of those
things would get undone at jobstep termination but not during other
forms of task termination.

If you put a program into AUTHPGM, and its documentation does not say
that you should not do that, and you experience an integrity problem,
you should be able to get an integrity APAR open via the IBM Support
Center (assuming it's an IBM program, of course).

> What happens when a program with AC=0 is (inadvertently)
> entered in AUTHPGM names and CALLed?

It runs unauthorized.

> Could a systems programmer so inclined simply use
> "AUTHPGM NAMES( * )"?

I don't think that is valid syntax.

Walt Farrell, CISSP
z/OS Security Design, IBM
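
Added example, not part of the message above and not IBM code: a small offline audit of a copy of an IKJTSOxx member that reports whether GIMSMP is in AUTHPGM NAMES and lists any entries that are not plain member names for review. The member text is constructed, and the comment and continuation handling is a simplified assumption about the member's syntax.

```python
import re

# Constructed sample of an IKJTSOxx member (not taken from any real system).
SAMPLE_IKJTSO = """\
AUTHCMD NAMES(            /* authorized commands  */ +
   RECEIVE  TRANSMIT      /*                      */ +
   )
AUTHPGM NAMES(            /* authorized programs  */ +
   IEBCOPY                /*                      */ +
   ICHUT100 ICHUT200      /*                      */ +
   )
AUTHTSF NAMES(            /* TSO service facility */ +
   IEBCOPY                /*                      */ +
   )
"""

# 1-8 characters, first one alphabetic or national (@ # $).
MEMBER_NAME = re.compile(r"^[A-Z@#$][A-Z0-9@#$]{0,7}$")

def names_in(member_text, statement):
    """Return the names listed under `<statement> NAMES(...)`."""
    # Assumption: comments are /* ... */ and a trailing + or - continues a line.
    text = re.sub(r"/\*.*?\*/", " ", member_text, flags=re.S)
    text = re.sub(r"[+-][ \t]*\n", " ", text)
    m = re.search(rf"\b{statement}\s+NAMES\s*\(([^)]*)\)", text, flags=re.I)
    if not m:
        return []
    return [n.upper() for n in re.split(r"[\s,]+", m.group(1)) if n]

def audit_authpgm(member_text, wanted):
    """Report wanted programs missing from AUTHPGM and odd-looking entries."""
    names = names_in(member_text, "AUTHPGM")
    return {
        "authpgm": names,
        "missing": [w for w in wanted if w.upper() not in names],
        # Entries such as "*" are only flagged for review, not judged here.
        "not_member_names": [n for n in names if not MEMBER_NAME.match(n)],
    }

if __name__ == "__main__":
    print(audit_authpgm(SAMPLE_IKJTSO, ["GIMSMP", "IEBCOPY"]))
```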