On Sat, 2 Nov 2019 18:53:35 +0000, Jon Perryman wrote: > ... >How many people ignore that AOPBATCH and COZBATCH execute in the callers >address space and think it's always a good thing! When called from a program, >you are exposing anything running in the address space to various problems and >security exposures. BPXBATCH eliminates this consideration. If IBM fixes this >exposure, then AOPBATCH loses the features you treasure. > I see. But I need enlightment. Doesn't any program object invoked by // EXEC PGM= execute in the initiator's address space? Else ENQs and DDNAMEs created by the initiator would not be available to the target program. Does this create the same exposure? Does the initiator protect itself by keeping its own storage all in system key or protected by segment protection? Is AOPBATCH not protected the same way? Is there the same exposure for any user-coded program that uses LINK or ATTACH? How does the exposure compare with BPX1SPN BPX_SHAREAS=MUST /bin/sh?
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
