> You mention below that the way MVS loads APF modules (bypassing an
> unauthorized JOBLIB/STEPLIB module to load the same-named module
> from an APF library in the LNKLST) is needed for system integrity.
> Would integrity be compromised somehow more by (from my simplistic
> thinking) if I have a non-APF member in JOBLIB/STEPLIB and the
> system fails the job with a S306 than it would be compromised by
> bypassing the non-APF module and loading and executing the
> same-named module from APF/LNKLST?

Integrity would be compromised if the system loaded an untrusted module which could be executed while running in an authorized state (in your case with EXEC PGM=IDCAMS, an APF-authorized job step). To prevent this situation, for requests made while running in an authorized state, the system loads modules only from trusted sources (APF authorized sources). The system bypasses modules from untrusted (unauthorized) sources. If the system finds a copy of the module in a trusted source, then it uses it, and there is no S306 abend.

In your case, I am guessing that the search was limited to a single source (your STEPLIB DCB) because the requestor specified LSEARCH=YES with DCB=the steplib DCB. So LNKLST was not searched. If LSEARCH=YES had not been specified, the system would have continued on to search the LNKLST, found the requested module, and used it, with no S306 abend. This could be verified, and the requestor could be determined, from a dump of the S306 abend.

Jim Mulder
z/OS System Test
IBM Corp.
Poughkeepsie, NY
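
The search behaviour described in the reply above, as a simplified Python model. This is an added example, not part of the original post and not z/OS code; the library names, the module name MODX and the function `locate_module` are hypothetical, and the S806 result for a module found nowhere is standard z/OS behaviour that the post does not discuss.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Library:
    name: str
    apf_authorized: bool
    members: frozenset


def locate_module(module, steplib, lnklst, authorized_request, lsearch):
    """Return the library a module is fetched from, or an abend code.

    Simplified model of the reply: an authorized request skips copies in
    unauthorized libraries, and LSEARCH=YES limits the search to the
    caller-supplied library (here, the STEPLIB concatenation).
    """
    search_order = list(steplib) if lsearch else list(steplib) + list(lnklst)
    bypassed = []
    for lib in search_order:
        if module not in lib.members:
            continue
        if authorized_request and not lib.apf_authorized:
            # Untrusted copy: never loaded for an authorized request.
            bypassed.append(lib.name)
            continue
        return lib.name
    # Only untrusted copies were seen -> S306; no copy anywhere -> S806.
    return "S306" if bypassed else "S806"


# Constructed sample libraries (names and contents are assumptions).
USER = Library("USER.LOADLIB", False, frozenset({"MODX"}))
LINK = Library("SYS1.LINKLIB", True, frozenset({"MODX"}))

if __name__ == "__main__":
    cases = [
        ("authorized, LSEARCH=YES", True, True),
        ("authorized, LSEARCH=NO", True, False),
        ("unauthorized, LSEARCH=YES", False, True),
    ]
    for label, auth, lsearch in cases:
        print(label, "->", locate_module("MODX", [USER], [LINK], auth, lsearch))
```

In every authorized case the untrusted STEPLIB copy is never executed; the only difference between the outcomes is whether a trusted copy was reachable in the search.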
