On Wed, 24 Jul 2013 16:32:41 -0700, retired mainframer wrote: >I don't think SMPE's APF attribute is the root of the problem. There are >numerous APF programs that are safely usable by users with extremely >variable privileges and authorities (e.g., IEBOPY, AMASPZAP, and Binder). > As of 1.13, IEB[C]OPY is AC=0. (But there is an AC=1 version kept for those who feel they need it (why?).) IEWL (IEWBLINK) is AC=0. AMASPZAP is AC=01 (why?) Of course any program that runs AC=1 assumes the responsibility of performing its own SAF checking. I believe this is true also for any program linked AC=0 into an APF authorized library where it may be attached by an AC=1 program.
>I think the real problem is the fact that SMPE somehow "abuses" APF to >bypass normal security checks for some of its processing. Until IBM decides >to correct that (removing APF seems like it would be effective but also >seems like overkill), an equitable solution that addresses the needs of both >sysprogs and non-sysprogs is likely to be elusive. > Why "overkill"? If it's unnecessary, it's safer and more useful without it. "abuses"? It's possible. It's possible that development added a new function and hadn't the resources to code the necessary SAF checks. It's even possible that some specified function of SMP/E requires bypassing normal security checks, although that seems highly unlikely. I suspect the flaw isn't aboriginal; more plausibly it was introduced by some function added recently. My favorite candidate suspects are Java, Unix System Services, and Internet. I wonder what happens if I supply my own directory in place of "//SMPCPATH DD"? Etc. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
