On Wed, 13 Nov 2019 08:55:39 -0600, Jeffrey Holst wrote: >Does AUTHPGM require that the specified program have a non-zero AC or that it >be in an APF authorized library? > >I ask because it appears that a very clever user may have written a program >whose name matches a program in the AUTHPGM list. The program executes a macro >instruction that requires APF authorization. It appears that he was able to >successfully call it from TSO. > What does AUTHPGM protect, or rather what security hazard does the absence of a program from the AUTHPGM list specifically prevent? Can an expert outline a scenario?
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
