On 6/19/2012 10:22 AM, Paul Gilmartin wrote:
> If I have READ access to an ADRDSSU-unloaded archive of a restricted data set, and I know the data format (is it documented, or is it security-by-obscurity?) or can infer it, can I not filter it to a copy, changing the original data set names to my TSO prefix, reload it, and gain unauthorized access to data?

A colleague of mine wrote a program, DSSREST, that will allow restore of a DSS tape (no VSAM or later stuff); I use it to load stuff on MVS 3.8. It doesn't even require authorization. So IBM's restriction on minimal access to the data sets to be dumped makes sense; as noted, exporting to another data center invalidates the protection.
In general, any black hat can run Hercules, steal a fairly current z/OS, define any and all RACF rules, and gain unrestricted access to everything that can be removed or copied from a secure facility. Even simpler would be to adapt a SAF exit to allow every request.

Gerhard Postpischil
Bradford, VT
