I second what Walt said as we I am a security provisioning designer working on z/OS from a ISV
On Sun, Mar 19, 2017 at 7:38 AM Walt Farrell <[email protected]> wrote: > On Sun, 19 Mar 2017 07:00:27 +0000, Mark Wilson <[email protected]> > wrote: > > > > >Just following up on your comment re your curiosity re IEFOPZxx debate on > the GSE UK LSG Agenda. > > > > > >We will debate IEFOPZ from two perspectives: > > > > > >The first being how, why and when to use it, as its one of those topics > that can potentially just slip by if the techies are not paying > > >attention. > > > > > >The second and the more interesting discussion will be around any > potential security issues that could be exploited, by a rogue user, > > >who has update or higher access to PARMLIB, couple with some patience or > the ability to dynamically enable this for a given program. > > > > > >Given they could introduce their own code into the system, there are > several security questions to be asked: > > > > Speaking as a former security designer for z/OS, I have to say that if a > rogue user has update access to PARMLIB you have a lot more than IEFOPZxx > to worry about. > > > > -- > > Walt > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > -- Scott Ford IDMWORKS z/OS Development ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
