OK, so I opened a Q&A PMR with IBM on this topic. Mostly about implementation with regards to software remediation if accessing PSASTAK. My question was whether or not OSPROTECT=SYSTEM (lowest setting) would cause these apps to fail, or if the next level would be where the problem would surface.... Reason why question is important to me, at the lowest setting, backing out means regressing z/OS maint, and IPLing vs just changing the OSPROTECT setting, and IPLing....a huge difference. I get the cloak of secrecy with regards to vulnerabilities, but c'mon IBM, help me come up with a viable implementation plan.....I guess in the absence of more concrete information, I'll have to prepare for having everything remediated before the PTF goes on z/OS and have an extended burn-in period as we migrate this out.
My response from IBM was: "As much as I would be happy to address new questions, they touch on important and not disclosed details regarding the OSPROTECT implementation. It is very regrettable but we may not provide more information on the new option than what may be found in the downloadable Documentation Updates for APAR OA54807." -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Jousma, David Sent: Friday, September 07, 2018 12:54 PM To: [email protected] Subject: Re: Spectre/Meltdown APAR - OA54807 **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** I am holding off for now, so that we can call all of our software vendors as well as get the preq MCL's installed on our z14s. From what I have read, there is no way to install the fixes, and continue to run with it fully off while we make those vendor calls. I suspect we'll tackle this early next year and run an extended maintenance cycle in our non-prod environments to allow for plenty of burn-in. the other part of this is that it is an IPL to turn on OSPROTECT=1 and another IPL to turn it back off (SYSTEM mode) if problems are encountered. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Phillips, Thomas Sent: Thursday, September 06, 2018 3:38 PM To: [email protected] Subject: Spectre/Meltdown APAR - OA54807 **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** Has anyone installed OA54807? If so, did you see any performance impacts? Any other gotchas that you'd like to share? Has anyone implemented OSPROTECT=1? Thanks, Tom Phillips Principal Financial Group Classification: Internal Use -----Message Disclaimer----- This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to [email protected] and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation. Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act ("E-Sign") unless a specific statement to the contrary is included in this message. If you no longer wish to receive any further solicitation from the Principal Financial Group you may unsubscribe at https://www.principal.com/do-not-contact-form any time. If you are a Canadian resident and no longer wish to receive commercial electronic messages you may unsubscribe at https://www.principal.com/do-not-email-request-canadian-residents any time. This message was secured by Zix(R). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
