On Tue, 21 Jul 2009 07:14:13 -0400, David Cole <[email protected]> wrote: >(As mentioned in my prior post, one technical way to partially >address this exposure would be for IBM to reduce the number of >reasons requiring a program to run authorized.)
And if there we had a simple way of doing that, we would. Unfortunately, our analysis to date shows that (a) no simple method of accomplishing it exists, especially one that covers enough functions to allow vendors to eliminate their need for full APF in most of the vendor code; and (b) that the complex methods are complex both for z/OS to implement, and for the IBM and vendor products to exploit; and (c) that the complex methods are also very complex for the customer to administer. The functions that require APF do so because, simply, they allow someone to take over the system. Directly, for some of the functions, and indirectly for many others if you're clever enough. Re-architecting the system functions to eliminate the possibility of taking over the system, or allowing granular control in a way that does not involve massive rewriting of both the system and the vendor applications, and that does not involve massive administrative efforts for our customers, would be a big job. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
