Oops. I think I forgot to send this (quite a while ago).

Gil wrote:
<snip>
It should be impossible for untrustworthy code to modify content of an Authorized address space.
</snip>

Yes it should. And is. And better stay that way forever.

REFRPROT is not relevant for that statement. REFRPROT is for increased reliability; it is not for increased system integrity (since any program authorized enough to write into key 0 storage could write into DAT-protected storage if they were of a mind to do so).

I posit that authorized code must be considered "trustworthy" (because otherwise any statement about what is possible is fruitless -- an authorized program can do anything, and there is no z machine architecture to prevent that).

Unauthorized code, by definition, does not run in an authorized address space so cannot modify the content of an authorized address space (if there is a space-switch PC, the target is authorized code). But even RENT authorized code in an unauthorized address space is protected from modification by unauthorized code by virtue of being placed into key 0 storage (as happens for authorized requests with an authorized concatenation) since the unauthorized code will (sort of by definition) not be key 0.

Peter Relson
z/OS Core Technology Design
