When it comes to security, a "need to know" rule applies. It is true that
some (but not all, not even most) of the parmlib is in MVS control blocks.
However, as a pen tester, I want to know which SMF records are recording my
activity, and the dataset names of OS components that are not part of their MVS
lists (APF, linklist, etc.). If you want to perform an attack, you need to
find your attack vector, and it takes time to discover what you need. I
think that this process is called "readiness review" by intent...

ITschak

Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform |
Information Security Continuous Monitoring for Z/OS, zLinux and IBM I
Email: [email protected] | Mob: +972 522 986404 | Skype: ItschakMugzach |
Web: www.Securiteam.co.il





On Fri, Feb 4, 2022 at 5:31 PM René Jansen <[email protected]>
wrote:

> Several companies I was at lately had this policy of no read access to
> PARMLIB, and it is a pain because things you are used to, like IPCS, do not
> work without RACF READ access to it. I seem to remember that other tools
> also get their startup parms from PARMLIB, so that seems very
> counterproductive.
>
> René.
>
> > On 4 Feb 2022, at 16:26, Seymour J Metz <[email protected]> wrote:
> >
> > I don't believe that read access to PARMLIB is a security risk, and it
> > is possible that a prohibition could actually lead to security issues, but
> > if you are under the purview of DISA then you need to abide by their
> > policies, although I would probably document the fact that I considered
> > UACC=NONE for PARMLIB inappropriate.
> >
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> >
> > ________________________________________
> > From: IBM Mainframe Discussion List [[email protected]] on
> > behalf of Farley, Peter x23353 [[email protected]]
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
