On Wed, 8 May 2013 10:33:46 -0400, Gerhard Postpischil wrote: >On 5/8/2013 8:37 AM, Walt Farrell wrote: >> I'm not sure why Gerhard thinks that is a security problem, gil. But >> certainy if users push jobs through the INTRDR directly (as opposed >> to via TSO/E SUBMIT or ISPF SUB) then you can't depend on any >> restrictions imposed by IKJEFF10; you would have to use JES or SMF >> exits. > >I never said that I consider it a security problem, only that I >installed software at sites that did. No idea what their auditors or >management are concerned about. > Ah! Job security!
Walt suggests that it's pretty hard to stop them. How did you (or they) do it? I suppose if TSO SUBMIT operates in authorized state one could hack allocation to restrict INTRDR to authorized programs. Does ISPF SUBMIT invoke TSO SUBMIT in authorized state? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
