For completeness, since I started this whole, ah, thing, I'm curious what they are. Here are the techniques I've learned so far, including the one that violates system integrity:
__ The standard acceptable method is to call TSO/E Service Facility, IKJEFTSR and pass it the name of an authorized module. __ Call an SVC that flips the JSCBAUTH bit back on. This is non-standard. If it is to be implemented even on a development system then added security needs to be built in to make sure it isn't misused. __ Simply put all the authorized stuff into an SVC or PC routine. That's all I've collected so far. Are there more ways? Lindy -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Wayne Driscoll Sent: 15. huhtikuuta 2008 17:49 To: [email protected] Subject: Re: Authorized Rexx Assembler Function Just to expand on Walt's statement "There are only a handful of ways of getting a program to start running authorized, even if the module comes from an APF-authorized library" append "that don't violate system integrity." Sure, there are numerous ways to make this work, but most of them have the side-effect that they leave the system in a compromised state. In a small development system this loss of integrity may be acceptable, but for production, or even larger development or test systems, this would not be. Wayne Driscoll Product Developer NOTE: All opinions are strictly my own. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
