I have no experience with the PTF in action. I saw it during APPLY CHECK and decided immediately that I would EXCLUDE it in the real APPLY--which has not happened yet. I think we need some clarification from the RACF folks...
. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Zelden Sent: Friday, April 29, 2016 8:49 AM To: [email protected] Subject: (External):Re: OA49446 on RSU1603 - RACF / DFSMS change On Fri, 29 Apr 2016 07:15:09 -0400, Robert S. Hansel (RSH) <[email protected]> wrote: >(Cross-posting to RACF-L) > >Mark, > > >If this works as per my interpretation, then I think the concerns >raised by others are valid. If I can create an alias with a name to >which I have access that points to a dataset to which I do not have access, >I've now circumvented access controls for the latter. Unless my testing is invalid, I've already confirmed this is NOT true. The real data set name is checked for access as well. I wouldn't have thought IBM could be that inept to do something like that and create the biggest security hole ever seen on this platform (at least that I could recall)! Especially in the service stream. Best regards, Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS ITIL v3 Foundation Certified mailto:[email protected] Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://search390.techtarget.com/ateExperts/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
