A corollary to this is that you should ONLY define those programs which have been explicitly designed and tested to run as job step programs as AC (1). There is no need (and could present an integrity exposure) if you link modules not designed to run as job step programs with AC(1). ============================================== Wayne Driscoll OMEGAMON DB2 L3 Support/Development wdrisco(at)us(dot)ibm(dot)com All opinions are mine, and do not represent IBM Corporation. ==============================================
IBM Mainframe Discussion List <[email protected]> wrote on 03/15/2015 12:40:54 PM: > From: "Shmuel Metz (Seymour J.)" <[email protected]> > To: [email protected] > Date: 03/15/2015 12:45 PM > Subject: Re: [IBM-MAIN] APF-authorized calling non-authorized > Sent by: IBM Mainframe Discussion List <[email protected]> > > In <[email protected]>, on 03/15/2015 > at 06:43 PM, Binyamin Dissen <[email protected]> said: > > >Since it is placed in an APF library, the installation (or IBM) > >has declared that it will not create an exposure. > > Not even close. All that IBM has declared is that none of the AC(1) > routines will call anything that cannot safely run authorized. An > AC(0) routine in an authorized library that is never called from an > AC(1) routine does not create a security exposure. IB< has declared > that if you write an AC(1) routine it is your responsibility to only > call things that you know are safe. > > -- > Shmuel (Seymour J.) Metz, SysProg and JOAT > ISO position; see <http://patriot.net/~shmuel/resume/brief.html> > We don't care. We don't have to care, we're Congress. > (S877: The Shut up and Eat Your spam act of 2003) > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
