On Thu, 17 Nov 2016 17:29:28 +0530, Peter wrote: >There are two datasets in STEPLIB. The Dataset1 which has the failing >modules is already APFed. Still the STC fails and it was fixed once the >second dataset was APFed. > >I am trying to understand why would STC expect the second dataset in >steplib in APF though the calling module is in 1st dataset ? > >Could some one please explain me ?
The reason is this. When you execute an APF authorized program, everything that runs in that address space is authorized. There is no way for the system to know what program is active at every moment. When you call a program that you have previously LOADed, the system has no mechanism to detect that the call was done. The presence of a load library in STEPLIB that is not authorized creates an integrity exposure because the APF authorized program can call a program that is not authorized. This could happen, for example, if the non-authorized library contains a module with the same name as one in the authorized library. If a mixed concatenation were allowed, anyone could create a module that would receive control in an authorized state, thus compromising system integrity. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
