Various IBM applications accept extended parameter lists that may specify the addresses of exits. Putting such an application in AUTHPGM would be a disaster.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Paul Gilmartin <[email protected]> Sent: Friday, November 15, 2019 2:47 PM To: [email protected] Subject: Re: AUTHPGM in IKJTSOxx On Wed, 13 Nov 2019 08:55:39 -0600, Jeffrey Holst wrote: >Does AUTHPGM require that the specified program have a non-zero AC or that it >be in an APF authorized library? > >I ask because it appears that a very clever user may have written a program >whose name matches a program in the AUTHPGM list. The program executes a macro >instruction that requires APF authorization. It appears that he was able to >successfully call it from TSO. > What does AUTHPGM protect, or rather what security hazard does the absence of a program from the AUTHPGM list specifically prevent? Can an expert outline a scenario? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
