On Tue, 24 Jul 2012 10:16:27 -0500 Paul Gilmartin <[email protected]> wrote:
:>On Tue, 24 Jul 2012 10:05:00 +0300, Binyamin Dissen wrote: :>>:>Why have such a special list rather than merely verifying that the program :>>:>resides in an APF authorized library and was linked with AC=1? :>>Because a program expecting to be a job-step task may be spoofable, allocate :>>storage in a key where parallel tasks can update it, etc. :>Sigh. I keep forgetting (wishful thinking?) what a primitive OS z/OS is; :>that it provides no simple way a program can protect its storage from :>meddling by others. z/OS still thinks it's running on a s/360. Well behaved programs can be protected by subspace and use of key 9 (as CICS does). Of course, that is only well behaved programs - a CICS transaction can always switch to CICS key and exit the subspace if it desires with purely (extended) problem state instructions. APF must protect itself against malicious programs as well. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
