John, This has been discussed before, but AC(1) on a load module is ONLY checked when the program in question is attached by the initiator as a job step task. In that case, if AC(1), and loaded from an APF authorized library (which requires that ALL libraries concatenated to the STEPLIB DD be in the APF list), then the JSCBAUTH bit will be set. The reason that modules in LPA are considered to have been loaded from an APF authorized library is because if the JSCBAUTH bit is set for a job step, all program fetches MUST come from an APF authorized library, or the request will be abended with a SYSTEM 306 code. If the LPA wasn't considered loaded from an APF authorized library, then no authorized job step could execute code in the LPA. Any program that is not explicitly designed to be executed as a jobstep program should NOT be linked with AC(1), as there is the chance of an integrity exposure.
Wayne Driscoll Product Developer JME Software LLC NOTE: All opinions are strictly my own. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Chase, John Sent: Wednesday, August 22, 2007 7:24 AM To: [email protected] Subject: Re: LPA Module Size 80MB impact on system? <snip> Regardless, unless I misunderstand "authorization", if an authorized caller were to invoke that module after it was loaded into the LPA, the module would be able to perform functions requiring authorization, even lacking AC(1). -jc- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
