On Mon, 16 Jul 2018 16:07:38 +0000, Jesse 1 Robinson wrote:

>The shop I worked in was a bank that ran IBM's CPCS check processing software.
>I don't know why, but the main CPCS task had to run APF and required that all
>called programs also come from APF libraries. Even the most ho-hum benign
>programs.
>
Well, yes, but even programs marked AC=0 but called in that fashion
will run authorized and must be subject to the same security scrutiny
as the parent.

>Add to that requirement a corporate security policy against running production
>jobs from STEPLIB/JOBLIB on the grounds that link list libraries could be
>'monitored', but who knew what might live in private libraries. The resulting
>effect on LNKLSTxx was significant.
>
There's something dreadfully wrong with IBM's security model. But I
guess you're not allowed to shoot them; they did the best they could
with the resources they had.

>-----Original Message-----
>From: Seymour J Metz
>Sent: Monday, July 16, 2018 8:22 AM
>
>Be careful what you ask for; you might get it. Some APF programs invoke
>non-APF programs.
>
>________________________________________
>From: Charles Mills
>Sent: Sunday, July 15, 2018 10:04 PM
>
>Putting on my security preacher hat, I might argue that programs that do not
>need APF (i.e., test successfully without it) should not be in an APF library.
>Granted, your story is from simpler times (I would assume).

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
