On any currently supported release of z/OS, in DIAGxx, you can specify ALLOWUSERKEYCADS(NO)
This will cause a 01D-xx0015xx abend when an attempt is made to obtain a user key (8-15) SCOPE=COMMON data space. On z/OS 2.3 (but not on lower releases), in DIAGxx, you can specify NUCLABEL ENABLE(IARXLUK2) This will cause a 08F-1C abend when an attempt is made to use CHANGKEY to change subpool 247 or 248 common storage to a user key (8-15). I will look into getting this documentation added to APAR OA53355. Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. Poughkeepsie NY >From: Tom Conley <[email protected]> >Reply-To: IBM Mainframe Discussion List <[email protected]> >Date: Fri, 6 Apr 2018 12:54:20 -0400 >IBM messed this up in at least three ways. ..... >2. The new user key common exploits WERE NOT given DIAGxx traps to >prevent their exploitation. You can apparently stop them with SLIP >TRAPs that create unsightly abends. ........ >Deal with any or all three of these. We'll likely have to submit RFE's >to get DIAG traps that should have been GA with the APAR. >Regards, >Tom Conley ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
