IBM Mainframe Discussion List <[email protected]> wrote on 05/05/2008 03:59:25 PM:
> i do not understand why ALLOWUSERKEYCSA is such an issue now. > things worked for years when it defaulted to (YES) under pre z/os 1.9 > releases, so why is it suddenly a security risk to reset the current > default so that it remains set to (YES). The security risk of using user key CSA is not a new issue. IBM manual GC28-1439-00 MVS Planning: Security at least as far back as 1994 states: 5.5.1.1 Guidelines You should follow these guidelines to protect your system and user resources: ° Allocate control blocks, work areas and buffers owned by authorized programs in subpools with a system protection key to prevent write access by unauthorized programs. ° Allocate proprietary data stored in the MVS common area in a fetch-protected subpool in a system protection key to prevent read and write access by unauthorized programs. ° Do not allocate key 8 storage in the common area because it can be read or written by any program in any address space. Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
