Gil would know the answer to the first half of this ... I'm not a UNIX expert. My sole claim to UNIX expertise is that I once *managed* a bunch of UNIX experts. I seem to recall that in UNIX you can do something like the following -- and I'm using the wrong terms, but hopefully you can get what I mean. Suppose you have an executable X. You can set its security such that only user FOO can run it. FOO is not a real person. Instead, you have a program Y that you set up such that it runs with the authority of FOO. So then a user can potentially run program Y which in turn runs program X, but that user cannot himself run X all by itself.
Is my recollection correct? z/OS and RACF don't have an equivalent facility, do they?

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin
Sent: Tuesday, February 12, 2013 7:11 AM
To: [email protected]
Subject: Re: How do people lock down the compilers "inside" CA Endevor?

On Tue, 12 Feb 2013 07:49:27 -0600, John McKown wrote:
>
>Another possible solution, which I did with different IBM module, is to
>write a small HLASM program. This program would verify how it was
>called by looking at the RB chain, to be sure it was not the first RB
>on the TCB is what I'm thinking. ...
>
I invoke a lot of programs with Rexx "address LINKMVS". How does that affect the RB chain?

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
