Excellent, better yet what about a authorized rexx function callable via rexx
Scott ford www.identityforge.com On Jul 24, 2012, at 3:05 AM, Binyamin Dissen <[email protected]> wrote: > On Tue, 24 Jul 2012 00:57:09 -0500 Paul Gilmartin <[email protected]> > wrote: > > :>On Mon, 23 Jul 2012 19:35:04 -0700, Garry G. Green wrote: > > :>>Also TSO has an APF list. When you request invocation of a program that > is on the APF list (today this is in Parmlib IKJTSO; in the SPF days it was a > zap to IKJEFTE2/8) - instead of running the program, IKJEFT02 posts IKJEFT01 > (remember, it IS running APF) that you want to run a program APF. IKJEFT01 > then ATTACHs a 2nd copy of IKJEFT02, referred to as a Parallel TMP, the same > as the first one except it is told which program to execute, and the 2nd > IKJEFT02 has a JSCB whose JSCBAUTH flag is on. > > :>Why have such a special list rather than merely verifying that the program > :>resides in an APF authorized library and was linked with AC=1? > > Because a program expecting to be a job-step task may be spoofable, allocate > storage in a key where parallel tasks can update it, etc. > > -- > Binyamin Dissen <[email protected]> > http://www.dissensoftware.com > > Director, Dissen Software, Bar & Grill - Israel > > > Should you use the mailblocks package and expect a response from me, > you should preauthorize the dissensoftware.com domain. > > I very rarely bother responding to challenge/response systems, > especially those from irresponsible companies. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
