For system integrity, programs which run in an authorized state need to be protected from modification by unauthorized programs. Authorized programs which can run in an address space where unauthorized programs are also running need to be RENT for this purpose. So in that case, it is at least a purpose of marking them RENT.
Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. Poughkeepsie NY "IBM Mainframe Discussion List" <[email protected]> wrote on 08/30/2021 07:23:00 PM: > From: "Andrew Rowley" <[email protected]> > To: [email protected] > Date: 08/30/2021 08:25 PM > Subject: Re: RENT binder option > Sent by: "IBM Mainframe Discussion List" <[email protected]> > > On 30/08/2021 11:49 pm, Jim Mulder wrote: > > The behavior of loading RENT modules from authorized > > libraries into subpool 252 (key 0) is to prevent them from > > being modified by unauthorized programs. That is intended > > to contribute to security. > That is true, but it is a consequence of marking it RENT, not the > purpose. Are RENT modules from authorized libraries more secure than > non-RENT modules? > > It actually implies the opposite - RENT modules need additional > protection. When you execute a RENT module, you are executing something > that may have been loaded weeks ago, and without storage protection may > have been deliberately or accidentally modified. If a module is not > marked RENT, you get a nice freshly loaded copy every time. > > -- > Andrew Rowley > Black Hill Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
