On Wed, Sep 2, 2015 at 7:05 AM, Paul Gilmartin < [email protected]> wrote:
> On Tue, 1 Sep 2015 10:03:46 -0500, Walt Farrell wrote: > >>> > >>I can imagine a DoS attack in which an unauthorized user bogarts a > QNAME/RNAME > >>generally used by an authorized facility. But such contention could > arise entirely > >>among unauthorized users. > > > >Yes, contention could arise strictly between unauthorized users, and that > is OK in the sense that it could not contribute to a system integrity > exposure. > > > >>Are there, perhaps, RACF rules to restrict use of selected QNAMEs to > specified user profiles? > > > Alas, the system is designed to protect itself from mischievous users, but > not to protect > the mischievous users from each other. > > But maybe it doesn't matter. I wonder if Bad Things happen if the > mischievous > user simply codes: > > //STEP EXEC PGM=IEFBR14,COND=(0,LE) > //FILE DD DISP=OLD,DSN=SYS1.LINKLIB (SYS1.**, ad lib.) > > -- gil > A JOB with that particular DSN in it with DISP=OLD will never run. SYS1.LINKLIB is share enqueued by both LLA and XCFAS on a normally running system. Yes, they can be released by stopping LLA and do an UNALLOCATE command: SETPROG LNKLIST,UNALLOCATE but a regular user should not be able to do that. But you really could irritate a bunch of programmers by doing: //WAITABIT EXEC PGM=BPXBATCH, // PARM='SH sleep 30m' //STDIN DD DUMMY //STDOUT DD SYSOUT=* //STDERR DD SYSOUT=* //* //IRRITATE EXEC PGM=IEFBR14 //DD1 DD DISP=OLD,DSN=... some production COPY library ... // -- Schrodinger's backup: The condition of any backup is unknown until a restore is attempted. Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
