It is possible for a program to set its own address space temporarily to SPECIAL, which allows the user to subsequently issue RACF commands. That program itself must run APF authorized in the first place and--if properly coded--would contain a RACHECK against some controlling SAF resource to (severely) limit usage.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of scott Ford Sent: Monday, November 18, 2019 7:54 AM To: [email protected] Subject: (External):Re: AUTHPGM in IKJTSOxx So guys, stupid question what about a STC that provisions for RACF, etc. But the design is as a normal generalized user, but with a id with SPECIAL that is invoked only during the time of passing the command to RACF ? Does it have to be APF authorized for RACF command access or am i misunderstanding my readings ? Scott On Mon, Nov 18, 2019 at 10:19 AM Charles Mills <[email protected]> wrote: > A program running APF-authorized (jobstep program or not) can pretty > much do anything it wants. Those few things it cannot do -- it can > give itself permission to do. THAT is the essence of the problem. > > So the program must be (a) designed correctly and (b) checked very > carefully before it is put in an authorized library (or, of course, > the library it is in is authorized). > > (a) would include not branching to (or modifying storage at!) > addresses that are passed from arbitrary callers (or, I suppose, random > addresses). > > (a) is a serious issue. It is an easy error to design with > insufficient caution e.g. a PC linkage in which a control block is > passed that contains buffer pointers, exit routine addresses, etc. One > must be very careful to validate addresses as being appropriately > accessible by the caller, and to validate that exit routines are only > passed by authorized (or the > equivalent) callers. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of Paul Gilmartin > Sent: Sunday, November 17, 2019 5:10 PM > To: [email protected] > Subject: Re: AUTHPGM in IKJTSOxx > > ...snip ... > > I respectfully differ. A program executed as the job step task and > running in authorized state which can branch to an arbitrary address, > not necessarily an entry point, in its address space, even in its own > code, specified by a non-privileged user presents an indeterminate > hazard. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > -- *IDMWORKS * Scott Ford z/OS Dev. “By elevating a friend or Collegue you elevate yourself, by demeaning a friend or collegue you demean yourself” www.idmworks.com [email protected] Blog: www.idmworks.com/blog *The information contained in this email message and any attachment may be privileged, confidential, proprietary or otherwise protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this message and any attachment is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and permanently delete it from your computer and destroy any printout thereof.* ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
