On Sun, 29 Oct 2017 16:00:20 +0100 Peter Hunkeler <[email protected]> wrote:

:>>The TSO TMP is designed to be attached only by EXEC PGM=IKJEFTxx, or by the 
TSO/E Session Manager (when Session Manager is the EXEC PGM= on the logon 
proc). Attaching the TMP by any other program is unsupported.

:>>Attaching the TMP in an IMS dependent region or a CICS AOR will violate the 
System Integrity and thus the security of your system, since it will allow the 
unauthorized transaction programs in those regions to take over the system in 
any way that they desire.
 
:>This raises the question then, why does IKJEFTxx *not* check this and fail if 
not run as job step task? 

Because it requires APF to invoke the TMP. And if you allow your CICS or IMS
to run APF, this is the least of your problems.

MVS provides the child hammer for non-APF and the real hammer for APF. You
want to use it on your toes, go ahead.

--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
