Mostly true, but there is a mechanism for authorized code to run unauthorized subtasks. If you know enough to do it safely then you already know who does it and how.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Charles Mills <[email protected]> Sent: Monday, July 16, 2018 12:50 PM To: [email protected] Subject: Re: Linklist and APF > even programs marked AC=0 but called in that fashion will run authorized It is the jobstep that is APF-authorized. Any code in the address space, no matter how it got there*, will effectively "run authorized." *Yes, I know there are restrictions on how you can get code there**, but having gotten it there, no matter how you got it there, it will "run authorized." **No fetches from unauthorized libraries, for example. But you could build machine code yourself in a GETMAIN area and it will "run authorized." No AC=anything at all. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin Sent: Monday, July 16, 2018 9:33 AM To: [email protected] Subject: Re: Linklist and APF On Mon, 16 Jul 2018 16:07:38 +0000, Jesse 1 Robinson wrote: >The shop I worked in was a bank that ran IBM's CPCS check processing software. >I don't know why, but the main CPCS task had to run APF and required that all >called programs also come from APF libraries. Even the most ho-hum benign >programs. > Well, yes , but even programs marked AC=0 but called in that fashion will run authorized and must be subject to the same security scrutiny as the parent. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
