In a message dated 1/23/2007 7:20:52 A.M. Central Standard Time,
[EMAIL PROTECTED] writes:
> Prohibit reading beyond DS1LSTAR, and enforce management
> of DS1LSTAR so it is never allowed to point past uninitialized space.

An unauthorized program can read beyond DS1LSTAR quite easily as long as
allocation builds control blocks describing all allocated tracks rather
than just those from the beginning of the data set to the track pointed
to by DS1LSTAR. An unauthorized program can also read residual data
beginning at the next track after any EOF record written to try to
prevent this. All it takes is EXCP. IBM would have to add more validity
checking into EXCP in order to prevent accesses beyond DS1LSTAR, which
would cause big problems for some sophisticated applications, I'm sure.
Higher level access methods, such as BSAM, QSAM, BPAM, BDAM, and VSAM
all suffer from the same exposure. In fact, the exposure exists for all
access methods, since an unauthorized program can do an EXCP to any
allocated track mapped in the TIOT. Just because you use QSAM for most
of the application's work does not mean you cannot have an EXCP in there
somewhere that uses the same or a different DCB than that which QSAM is
using.

Bill Fairchild

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
