A program running APF-authorized (jobstep program or not) can pretty much do anything it wants. Those few things it cannot do -- it can give itself permission to do. THAT is the essence of the problem.
So the program must be (a) designed correctly and (b) checked very carefully before it is put in an authorized library (or, of course, the library it is in is authorized). (a) would include not branching to (or modifying storage at!) addresses that are passed from arbitrary callers (or, I suppose, random addresses).

(a) is a serious issue. It is an easy error to design with insufficient caution e.g. a PC linkage in which a control block is passed that contains buffer pointers, exit routine addresses, etc. One must be very careful to validate addresses as being appropriately accessible by the caller, and to validate that exit routines are only passed by authorized (or the equivalent) callers.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin
Sent: Sunday, November 17, 2019 5:10 PM
To: [email protected]
Subject: Re: AUTHPGM in IKJTSOxx

...snip ...

I respectfully differ. A program executed as the job step task and running in authorized state which can branch to an arbitrary address, not necessarily an entry point, in its address space, even in its own code, specified by a non-privileged user presents an indeterminate hazard.
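Added example, not part of the original thread and not z/OS code: a small C model of the two checks described in the message above, where an authorized service validates a caller-supplied buffer pointer against the caller's storage key and honours an exit routine address only from an authorized caller. The region table, the key values, and the names `parm_t`, `caller_t`, `service` and `sample_exit` are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: each storage region carries a storage key. */
typedef struct { uint8_t *base; size_t len; uint8_t key; } region_t;
typedef void (*exit_fn)(void);
/* Hypothetical parameter block passed by the caller on the PC call. */
typedef struct { uint8_t *buf; size_t buf_len; exit_fn exit_rtn; } parm_t;
typedef struct { uint8_t psw_key; int authorized; } caller_t;
enum { SVC_OK = 0, SVC_BAD_BUFFER = 8, SVC_EXIT_REFUSED = 12 };

static uint8_t user_area[64], system_area[64];
static const region_t regions[] = {
    { user_area, sizeof user_area, 8 },     /* key 8: caller-owned storage */
    { system_area, sizeof system_area, 0 }, /* key 0: system storage */
};
static int exit_calls;
static void sample_exit(void) { exit_calls++; }

/* True only if [p, p+len) lies wholly inside one region that the
   caller's key may store into (key 0 matches every storage key). */
static int caller_may_store(const caller_t *c, const uint8_t *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        uintptr_t b = (uintptr_t)regions[i].base;
        if (a >= b && len <= regions[i].len && a - b <= regions[i].len - len)
            return c->psw_key == 0 || c->psw_key == regions[i].key;
    }
    return 0;
}

/* The service itself runs in key 0, so nothing but these checks
   stops it from storing wherever the caller points it. */
int service(const caller_t *c, const parm_t *untrusted)
{
    static const char reply[] = "RESULT";
    parm_t p = *untrusted;  /* snapshot: caller cannot alter it after the checks */
    if (p.buf == NULL || p.buf_len < sizeof reply || !caller_may_store(c, p.buf, sizeof reply))
        return SVC_BAD_BUFFER;
    if (p.exit_rtn != NULL && !c->authorized)
        return SVC_EXIT_REFUSED;  /* no branch to an unauthorized caller's address */
    memcpy(p.buf, reply, sizeof reply);
    if (p.exit_rtn != NULL) p.exit_rtn();
    return SVC_OK;
}

int main(void) {
    caller_t user = { 8, 0 };
    parm_t bad = { system_area, sizeof system_area, sample_exit };
    return service(&user, &bad) == SVC_BAD_BUFFER ? 0 : 1;
}
```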
