> TRUSTED is a way for the systems programmer to make it harder for > an over-zealous security officer to break the system.
Mit der Dummheit kämpfen Götter selbst vergebens But that applies equal well to a security officer who is too lax. It is essential that he be trained to understand the ramifications of decisions that he makes on his own and know when to consult specialists. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [[email protected]] on behalf of Leonard D Woren [[email protected]] Sent: Monday, August 21, 2023 3:39 PM To: [email protected] Subject: Re: XCFAS and TRUSTED Andrew Rowley wrote on 8/20/2023 4:40 PM: > On 21/08/2023 9:28 am, Lennie Dymoke-Bradshaw wrote: > >> Secondly, when IBM states that a task should be given the attribute >> of Trusted, then I take it to mean that IBM is saying that the task >> can be trusted that this attribute cannot be the source of an >> exposure for that task. > > I think when IBM says a task should be given trusted, it's a > stronger statement than that. > > I take it to mean that the task should never be denied access by the > security system, and any denial of access risks the stability or > operation of the system. The endpoint of the last clause above is the inability to IPL the system. My vague recollection from back when I was a senior systems programmer is that you set as TRUSTED any task which is necessary in order to get enough of the system up and running so that you can logon and fix problems. If JES2 or VTAM or (long list) fails before you can logon, have fun fixing it. This was before there was such a proliferation of system address spaces, but I figure the same applies. Putting on my cynical hat (which I never really take off), TRUSTED is a way for the systems programmer to make it harder for an over-zealous security officer to break the system. /Leonard ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
