The situation would be that the client routes a command to the server on the 
host which routes it to a dependent ASID. The DA gets the ACEE of the user and 
executes the command via IKJEFTSR. The command is one of a suite of
Rexx execs in a library allocated to the DA which executes ISPF services (e.g., 
to copy some members). Without wilful 
collaboration of a sysprog I am struggling to see how this could be subverted 
by a malicious user. However, if you can see something please let me know!

Thanks
Robin

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Tom Marchant
Sent: 19 May 2017 01:47
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: ATTACH with RSAPF=YES

On Thu, 18 May 2017 08:09:03 -0700, Charles Mills wrote:

>I hope you are getting the idea how risky this entire approach is. You 
>are playing "you bet your mainframe." You might get it right today....

And if you don't get it right, you might discover that, or you might not. 
It is very difficult to demonstrate that you have not created an integrity 
exposure.

--
Tom Marchant

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
