On 2/12/2013 8:49 AM, John McKown wrote:
Another possible solution, which I did with different IBM module, is to write a small HLASM program. This program would verify how it was called by looking at the RB chain, to be sure it was not the first RB on the TCB is what I'm thinking. Now, you statically link this routine into the compiler initial program object. But, at the same time, you do a Binder CHANGE command to change the CSECT name of the actual compiler to something unique. And you give the HLASM routine the standard CSECT name. The HLASM does a static CALL to the new name of the actual compiler module after doing its validation, passing the original parameters to the compiler.
The problem with this is that a capable programmer will LOAD the module, and can use BSAM or EXCP to explore the module structure, or search through storage, then enter the code at any offset desired.
I prefer the earlier suggestion of controlling write access to critical data sets. SMF reports may be used to check access, at which point it becomes a management problem.
Gerhard Postpischil Bradford, Vermont ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
