Paul Gilmartin wrote:
But the hazard is manifest not when an authorized program obtains storage in a user key, but when an unauthorized program modifies that storage. Perhaps the solution would be to allocate user key CSA only in a subpool that would be segment-protected from modification by programs which are not APF authorized.
Segment protecting the storage won't solve anything.
If you talk with developers responsible for such code, they will tell you that user key CSA was used to specifically *allow* update by problem programs. Thus, the exposure is in the original software design itself. One may also place blame on the OS for allowing this exposure in the first place.
Disallowing the use of user key CSA by programs that depend on it requires software redesign, which is the reason it has taken some products so long to meet the challenge.
-- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
