In <[email protected]>, on
08/28/2012
at 10:28 PM, Paul Gilmartin <[email protected]> said:
>You're right. I don't like it. How did you guess? Actually, in
>HLASM I could do anything, even write my own TMP. If I wanted to.
>If I knew how. Couldn't I?
Yes, and IBM used to document how, back when the TMP didn't have to be
authorized.
>And If I can prompt for passwords, I can copy them.
If you have unchecked write access to system libraries then you can do
all sorts of nasty things. That's why you need audits and controls on
them.
>Is this more frightening than multiple TSO sessions on separate
>processors, which I do regularly?
Multiple TSO sessions for a user on the same system introduce
additional issues, e.g., CANCEL, SEND, profiles. Depending on how it's
set up, that last could be an issue even on separate systems.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2 <http://patriot.net/~shmuel>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
