On any currently supported release of z/OS,  in DIAGxx, you can specify

ALLOWUSERKEYCADS(NO)

  This will cause a 01D-xx0015xx  abend when an attempt is made
to obtain a user key (8-15) SCOPE=COMMON data space. 

On z/OS 2.3 (but not on lower releases),  in DIAGxx,  you can specify

NUCLABEL ENABLE(IARXLUK2)

  This will cause a 08F-1C abend when an attempt is made to use
CHANGKEY to change subpool 247 or 248 common storage to
 a user key (8-15).


 I will look into getting this documentation added to APAR OA53355.

Jim Mulder z/OS Diagnosis, Design, Development, Test  IBM Corp. 
Poughkeepsie NY


>From: Tom Conley <[email protected]>
>Reply-To: IBM Mainframe Discussion List <[email protected]>
>Date: Fri, 6 Apr 2018 12:54:20 -0400

>IBM messed this up in at least three ways.

.....

>2.  The new user key common exploits WERE NOT given DIAGxx traps to 
>prevent their exploitation.  You can apparently stop them with SLIP 
>TRAPs that create unsightly abends.

........


>Deal with any or all three of these.  We'll likely have to submit RFE's 
>to get DIAG traps that should have been GA with the APAR.

>Regards,
>Tom Conley


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to