On Tue, 27 Apr 2021 15:32:12 +0300, Itschak Mugzach wrote:
>Have a look at getpwent. If I am not allowing a user to list RACF users,
>why are they allowed to list it via this command using syscalls?
>
If you see a security problem here, open a PMR with IBM. IBM takes
security issues seriously.
I suspect the underlying service you need to protect is BPX1GPE:
https://www.ibm.com/docs/en/zos/2.4.0?topic=descriptions-getpwent-bpx1gpe-bpx4gpe-sequentially-access-user-database
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
