With that correction it goes back to OS/360 (R14?). Any keyword not recognized is assumed to be a symbolic parameter and is placed on the EXEC. I don't know whicj JOB parameters are allowed in z/OS V3R1.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Lennie Dymoke-Bradshaw <0000032fff1be9b4-dmarc-requ...@listserv.ua.edu> Sent: Wednesday, December 20, 2023 8:34 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands Maybe my statement needs correcting. I meant DD parameters, rather than JCL statements. I have done this, but it was over 30 years ago. I believe you can specify many JCL parameters which can go on DD statements. These are then applied to the IEFRDER DD statement. Happy to be corrected if someone else has better knowledge or if behaviour has changed since then. Lennie Dymoke-Bradshaw https: //rsclweb.com -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Seymour J Metz Sent: 20 December 2023 12:31 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands ? What JCL statements can START provide. As for parameters, that's limited to JOB, EXEC and DD. Of course, that's enough for a competent auditor to check who can use what. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Lennie Dymoke-Bradshaw <0000032fff1be9b4-dmarc-requ...@listserv.ua.edu> Sent: Tuesday, December 19, 2023 7:33 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands START will take all sorts of JCL statements as parameters. You can use it to recreate data sets that are needed for other things to start. Lennie -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Seymour J Metz Sent: 19 December 2023 14:52 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands No, START. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Itschak Mugzach <00000305158ad67d-dmarc-requ...@listserv.ua.edu> Sent: Tuesday, December 19, 2023 9:23 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Z/OS Survey - Unusuall system commands Seymour, Was it ROUTE command? ;-) Don't tell them. We fill our refrigerator using these weaknesses... BTW, I like your new Hebrew signature! ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: http://secure-web.cisco.com/1HFDwSALATpGpnOVQ1twvj_azjQO-49TCl66YZFiSGexFVtgJkqArNBLWq14ILxHxchctP5jw0R07PXsqOKidaa7KQIrorgeG3cKJFduizLKhcHE53HCgRQOzbg0MS58ChodSKN6oOU3P8VYqWoIFF2VRL2uFOaZHToBmQGAIQaDFnXV_E5uCdm4BtBTPzrXc3PotMpXndQTj6ODKe5CFxgJcAJc5buY2MuxA3pEIbImngo8exnCd4M59AKiKEyS7qfrtV6rA_YyljMDw7kVJ08WUO3oIEzKtbsZ0MsXUkEmAf4g04v5Nj9_rp4LWAaUBU7MRo2yZ1OgOnR8gDdWnKX1eMDIh5JQUTBRlrVqqjKKGmBNqMiqMGKHF2e_Q8PEItrsFtFUT1aCntdwgf_JNQ_V6Z592kGusGuZ5V9EmTj0/http%3A%2F%2Fwww.Securiteam.co.il **|* On Tue, Dec 19, 2023 at 4:20 PM Seymour J Metz <sme...@gmu.edu> wrote: > I you control your console commands through SAF, you have fairly fine > granularity. > > BTW, a couple of decades ago I reported a similar issue .on a command > that is extremely common. If you're doing an audit, look at the > common commands in addition to the rare ones. > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > עַם יִשְׂרָאֵל חַי > נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר > > ________________________________________ > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on > behalf of ITschak Mugzach <imugz...@gmail.com> > Sent: Tuesday, December 19, 2023 3:12 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Z/OS Survey - Unusuall system commands > > There are some MVS commands that are hard to understand how and why > they were created. What bothers me is the fact that the input of the > commands that modify MVS behavior allows input from private dataset. > These are the first commands I am trying when I do a pentest... > For example: > *SETLOAD* allows on-the-fly change of parmlib concatenation using a > dataset that is not part of the parmlib concatenation itself. for > example: SETLOAD 03,PARMLIB,DSN=sys4.relson TCPCIP *OBEY* command > allows specification of TCPIP configuration from a private library. > > How frequent do you use these commands (if ever) and how do you > identify the use (assuming that the commands are protected by your > ESM). I wonder why IBM allows such a scenario. > > ITschak > > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Continuous > Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
