On 01/06/2016 12:25 AM, Andy Higgins wrote:
Does OA48775 provide this?

http://publibz.boulder.ibm.com/zoslib/pdf/OA48775.pdf

It does look like a step in the right direction, that I was unaware of.

Reading the fine print, it requires a "clean program-controlled environment". I'm not sure whether that allows e.g. writing the JZOS records, particularly if you had any JNI code. Without the clean environment you need access to the basic BPX.SMF.

It's still not a complete solution though. I think it's important to be able to identify the writer of the SMF record, so ideally you would have an interface that wrapped untrusted information into a new SMF record that included a header identifying the origin userid and address space. That way, if you had something writing bad records it would be relatively easy to identify and exclude them.

The JZOS records look very useful, but I'm not sure whether the security issue means that sites should not normally be using them.

Andrew Rowley
