On Thu, 9 Jul 2009 14:35:44 -0500, Rolf Ernst <[email protected]> wrote:
>Of course, there would be some sort of exposure if I were still authorized.
>The question I have is can I remove this authorization temporarily or run
>this code outside of authorization. At first I thought separate JSTCB but
>attaching something without AC(1) still gives me authorized code. I figured
>there would be a separate JSCB but so far I have not been able to explore
>this to success. I fear there is no mix of authorized and unauthorized code
>possible but there are other places in the list that allude to the fact that
>one can 'remove authorization'. Not sure it could be regained.

It's more complicated than simply removing authorization from a subtask. For one example, you also need to consider storage keys. You must ensure that your authorized code is not using key 8 storage, or you have an exposure and the unauthorized code will probably be able to become authorized. And if you haven't designed it that way from the start, redesigning all the authorized code will be a large effort.

Thus, to answer your original question: your simplest (and most secure) way of doing what you want is to run the unauthorized code in a new address space, and either fork() or spawn() with appropriate parameters is your easiest way of doing that, I think.

Mixing authorized and unauthorized code in a single address space with full integrity is very difficult, especially if not designed from the very beginning.

--
Walt Farrell, CISSP
IBM STSM, z/OS Security Design
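
The fork() route recommended in the reply, as an added example that is not part of the original message and not IBM code: the parent starts the unauthorized program in a separate process (on z/OS UNIX, fork() gives the child its own address space) with a constructed environment and no inherited descriptors above stderr. The helper name `run_isolated`, the sweep bound and the `/bin/sh` sample command are assumptions; the spawn() parameters the reply mentions are not shown.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FD_SWEEP 65536L  /* assumed upper bound for the descriptor sweep */

/* Hypothetical helper: run `path` in a child process and return its exit
 * status (0-255; 127 means execve() failed), or -1 if fork()/waitpid()
 * failed or the child was killed by a signal. */
int run_isolated(const char *path, char *const argv[])
{
    /* Constructed environment: nothing is inherited from the caller. */
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    int status;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: close inherited descriptors above stderr (up to the sweep
         * bound) so the program cannot reach files the parent had open. */
        long maxfd = sysconf(_SC_OPEN_MAX);
        if (maxfd < 0 || maxfd > MAX_FD_SWEEP)
            maxfd = MAX_FD_SWEEP;
        for (int fd = 3; fd < maxfd; fd++)
            close(fd);
        execve(path, argv, envp);
        _exit(127);  /* reached only if execve() failed */
    }

    /* Parent: wait for the child, retrying if a signal interrupts the wait. */
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a shell command standing in for the unauthorized code. */
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    printf("child exit status: %d\n", run_isolated("/bin/sh", argv));
    return 0;
}
```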

