The one advantage that AllowUserKeyCSA=(program1,program2)
would have over the current AllowUserKeyCSA=YES/NO is that
it would prevent any new code from allocating User Key CSA while
an installation is trying to get converted over to full protection.
(Better still would be a SAF call, but I don't want to get into
implementation arguments.)
It seems that we have been talking about user key CSA for a very
long time, and sites still find that they can't convert to full protection.
If a site can't get to full protection because of one or two critical
programs, they should at least be able to put in a gate-keeper
rather than leaving the door completely open.
/jack
----- Original Message -----
From: "Jim Mulder" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Monday, May 05, 2008 3:52 PM
Subject: Re: allowuserkeycsa
IBM Mainframe Discussion List <[email protected]> wrote on 05/05/2008
10:05:27 AM:
Eileen Barkow of the IBM Mainframe Discussion List
<[email protected]>
wrote on 05/05/2008 08:10:03 AM:
> we have an old vendor written product (MEMO) which we could not change
> and which was getting a b0a-5c abend under z/os 1.9 and we had to
change
> the default to ALLOWUSERKEYCSA=YES.
>
Instead of an all inclusive ALLOWUSERKEYCSA=YES, why not something like
ALLOWUSERKEYCSA=(program1,program2,...) for situations where there is no
source code or support.
From a system integrity point of view, there is no benefit to
doing that. If you have a system which on which all users and
all programs are trusted (i.e. a system where you would be willing
to APF authorize every program library, and give every user
Superuser authority and RACF Special authority, or turn off your
security product), then it is acceptable to specify ALLOWUSERKEYCSA(YES).
If you do not trust all users and all programs on a system, a single
product which uses user key CSA is likely to be allowing an untrusted
program or user to be able to do things which it should not be
permitted to do, and may be allowing an untrusted user or program
to be gain complete control of the system and do anything
it desires. So the question is, on a system where you have any
security requirements, are you willing to incur the risks presented
by running a product which uses user key CSA and may be allowing
untrusted users or programs to bypass security?
Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
