On Sun, 17 Nov 2019 00:33:29 +0000, Leonardo Vaz wrote: > >But wouldn’t that program be violating system integrity even if not placed on >AUTHPGM? The user could execute it batch first example and change his ACEE or >anything else. > I think, sure. Pass it the address of some code in LPA or elsewhere, but bypass a necessary integrity check. The flaw is in the design of such a program and the exposure is akin to a buffer overrun's allowing a branch to an arbitrary address.
> I guess depending on the authorized program code, it might keep integrity > when executed under its own address space but if it executed under TSO it > might allow other units of work to run something they shouldn’t be able to, i > think it would have to be something really specific and it’s still unclear to > me why AUTHPGM exists. >> On Nov 16, 2019, at 4:17 PM, Walt Farrell wrote: >> ... >> For example, consider a program which accepts as a parameter the address >> (not the name) of some code to be executed as a kind of subroutine. >> >> Now consider what might happen if you were to link that program with AC(1), >> place it in a library that MVS considers APF-authorized, and put its name in >> AUTHPGM. At that point any TSO user could: >> (1) Write a program that had some malicious code in it. >> (2) Invoke your program using IKJEFTSR and passing the address of the >> malicious code. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
