Walt, not sure how your first paragraph invalidates my request or suggestion.
If an authorized program had the option to run a "sub-task" (in a very generic, non-MVS sense of the word task) non-authorized, how would doing so then present any more risk than if the user had simply submitted the "sub-task" as a job of its own, assuming the authorized software was not doing something egregiously stupid like passing a password in plaintext form or something like that. With regard to the second paragraph, how do I *know* that an IBM-supplied program is safe, other than by inspecting the source code or trusting that IBM would not ship something with security flaws? The former is not an option and the latter is kind of problematic given that people don't seem to agree on whether "without security flaws" should include the caveat that "if IBM didn't ship it AC=1, they are not claiming it is safe to run it authorized (as a "sub-task")." Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Monday, March 16, 2015 8:08 AM To: [email protected] Subject: Re: APF-authorized calling non-authorized On Sun, 15 Mar 2015 12:58:24 -0700, Charles Mills <[email protected]> wrote: >Agree with Gil's last comment 100%. Or give me an option: program Y does not >need authorization any more than it would if called natively. Why can't I have >the option to LINK to it APF=NO? > >FWIW, 'Y' will be hard-coded, and the user does not pass addresses, only >character strings, which I pass unmodified to Y. > I'm afraid that's not necessarily good enough, Charles. Some of the issues alluded to with SMP/E and security elsewhere in this thread (and at long length earlier in the IBM-MAIN archives) involved situations where the user supplies character string parameters or control statements to non-APF utilities invoked by the APF-authorized SMP/E. It really comes down to knowing what the utility is that you're invoking, and what kind of parameters and control statements it will process, before you can know if it's safe. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
