On Tue, 27 Sep 2022 13:50:14 -0500, Paul Gilmartin <[email protected]> wrote:
> >Breaking an existing authorized program in that fashion could be a buffer >overrun leading to escalation of privilige; an integrity threat that I'd >consider >an incompatibility. But are you talking about PARM=, which Peter has covered (long parms not allowed unless specified by the authorized program's directory entry), or about the APIs you mentioned (LINK, ATTACH, etc.)? For the APIs, you can only "break" the existing authorized program if you (the program issuing the API call) are also running authorized. If you're not authorized, the program you're invoking won't run authorized, either, and there's no integrity exposure. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
