Does AUTHPGM require that the specified program have a non-zero AC or that it be in an APF authorized library?
I ask because it appears that a very clever user may have written a program whose name matches a program in the AUTHPGM list. The program executes a macro instruction that requires APF authorization. It appears that he was able to successfully call it from TSO. If this is the case, is there a way to secure this. If this is not supposed to work this way, this would seem to be an integrity issue that is worthy of a PMR. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
