If the called program having AC(1) fetched from an APF authorized dataset, it will be executed with no problem as the environment itself is considered (pure) authorized.
ITschak ITschak Mugzach Z/OS, ISV Products and Application Security & Risk Assessments Professional On Fri, Oct 21, 2016 at 9:42 PM, John McKown <[email protected]> wrote: > On Fri, Oct 21, 2016 at 1:28 PM, Itschak Mugzach <[email protected]> > wrote: > > > One more thing to remember. System Rexx is an Authorized environment, > while > > IKJTSO00 is not. THis is a big difference. > > > > ITschak > > > > ITschak Mugzach > > Z/OS, ISV Products and Application Security & Risk Assessments > Professional > > > > > ​Hum, I really hadn't ever thought about that. Does that mean that any > program I run using something like ADDRESS LINK SOMEPROG is running with > APF authorization? At present, I'm mainly using AXRCMD() and AXRWTO() for > some automated operations type functionality and also BPXWUNIX. I doubt > that this use of BPXUNIX is a consideration because it runs the command > specified in a separate address space via a spawn() of /bin/sh, which > itself is not APF authorized. > > > -- > Heisenberg may have been here. > > Unicode: http://xkcd.com/1726/ > > Maranatha! <>< > John McKown > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
