> This question related back to the thread "ATTACH with RSAPF=YES" in which
> the OP apparently wants a way to invoke a module from a non-APF authorized
> library from a program which is running APF authorized. In today's
> environment, the "simple" way (OPEN a DCB to a DDNAME which has the library
> allocated to it, LINKX using DCB=) will result in an S306-C abend.
> 
> So, first question is: Is this sort of thing a reasonable desire? I don't
> have a personal opinion.

  This is not a reasonable desire.  For security purposes, you want 
only trusted modules running APF-authorized.  APF-authorization of a
library is the mechanism we use to determine whether or not 
a module is trusted. 

> We did have this "need" in that we run an STC which requires APF
> authorization. The vendor program needed a user-written subroutine in order
> to "decode" some data fields into something it could recognize and process.
> This subroutine was written by our programmer in COBOL. The last step of
> implementation required that a sysprog copy the program object from the
> production LIBRARY into the proper APF library.

  When you copied it into the APF-authorized library, you were 
telling the system that you trusted that module to be safe 
(from a system integrity/security point of view) to run in 
an APF-authorized environment. 
 
> Second question: IBM doesn't really like to be given a request with an
> "implement this way" addendum. Which is reasonable. But I was trying to
> think of a way to implement something like this myself using "magic". What
> occurred to me is to look into using the MVS subspace facility. I don't
> know much about it other than that CICS uses it to protect the CICS
> "kernel" data areas from modification by user programs (running KEY=USER).
> Seems like a decent idea to me. What say ye?

  The subspace architecture was designed for RAS purposes, to help 
avoid accidental storage overlays by CICS transaction programs.
This architecture is not designed for system integrity purposes.  It
is not intended to be able to prevent a malicious program from 
escaping from the scope of a subspace. 

Jim Mulder z/OS Diagnosis, Design, Development, Test  IBM Corp. 
Poughkeepsie NY


