On Mon, 16 Mar 2015 08:33:31 -0700, Charles Mills wrote: >If an authorized program had the option to run a "sub-task" (in a >very generic, non-MVS sense of the word task) non-authorized, >how would doing so then present any more risk than if the user had >simply submitted the "sub-task" as a job of its own, assuming the >authorized software was not doing something egregiously stupid like >passing a password in plaintext form or something like that.
The difference is that the sub-task is running in the same address space, with access to all of the same storage. If your APF-authorized program is reentrant, therefore loaded into key 0 storage, that helps some. If all of the storage that you need for your processing is system key, that helps too. I am pushing the limits of my understanding, but this topic has come up several times in the past. Check the archives if you want to know more. >With regard to the second paragraph, how do I *know* that an >IBM-supplied program is safe, other than by inspecting the source >code or trusting that IBM would not ship something with security >flaws? The former is not an option and the latter is kind of >problematic given that people don't seem to agree on whether >"without security flaws" should include the caveat that "if IBM didn't >ship it AC=1, they are not claiming it is safe to run it authorized (as >a "sub-task")." Doesn't Peter Relson's append help: On Mon, 16 Mar 2015 07:59:34 -0400, Peter Relson wrote: >IBM asserts nothing, as Shmuel said, other than that modules that it >provides in APF-authorized libraries are suitable for invocation in an >APF-authorized environment (and do not introduce system integrity >exposures if they are invoked in that environment, or will take an APAR if >they do) and that it is your responsibility to manage what you put into >APF-authorized libraries to that same level of responsibility. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
