Having run into the same problem (it seems like this is what you actually did): From another shared image:
DEF ALIAS (NAME(PAGE) RELATE(target mcat)) DEF PGSPC NAME(PAGE..... (TARG VOLSER)) ALTER (PAGE...) NEWNAME(......)) cat(target mcat) On the "dead image" PA PAGE=newname NO IPL. No muss. No fuss. ----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Jesse 1 Robinson Sent: Tuesday, December 3, 2019 6:40 PM To: [email protected] Subject: Re: AUTHPGM in IKJTSOxx I thought I was done with this thread, but today a new gotcha popped up. On one system, we ran out of local page space. We could log on (TSO) but could not start any task or submit any job. To avoid IPL, we needed to create another local page data set. Back in the halcyon days, if you're old enough to remember--and young enough to remember--we could use STEPCAT or JOBCAT to create page space on an adjacent system. Both of those options are long gone. Since we could logon to the depleted system, we tried using TSO DEF PAGESPACE. On the problem system, we got S338 abend. On another system, however, the command worked just fine. The actual solution was long and tortuous and not to be undertaken lightly. Afterwards, we looked in IKJTSO00. On the system where DEFINE worked, we found AUTHCMD NAMES( /* AUTHORIZED COMMANDS */ + DEFINE /* FOR AUTH AMS SVCS */ + Looks like an oversight, but in neither system did CPAC parmlib contain that line. So it may not be safe after all, but the solution undertaken is hardly safe either. It was do that or IPL. Advice? . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Seymour J Metz Sent: Wednesday, November 27, 2019 9:36 AM To: [email protected] Subject: (External):Re: AUTHPGM in IKJTSOxx Well, IBM ha documented a lot of the rules for authorized code. -- Shmuel (Seymour J.) Metz https://apc01.safelinks.protection.outlook.com/?url=http:%2F%2Fmason.gmu.edu%2F~smetz3&data=02%7C01%7Callan.staller%40HCL.COM%7Cb4032b5a27e6498c838e08d778528dd9%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637110168299751556&sdata=HPCDN%2B6tGaSTxDlzH2xVepH5djhchDUS2VKKHy6k3Ok%3D&reserved=0 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Michael Stein <[email protected]> Sent: Wednesday, November 27, 2019 12:20 AM To: [email protected] Subject: Re: AUTHPGM in IKJTSOxx On Tue, Nov 26, 2019 at 07:13:47PM +0000, Seymour J Metz wrote: > If you have update access to APF authorized libraries then you could > certainly write such a program, although a competent auditor would > read you the riot act if he found out. Exploiting a program that > follows the rules is harder. Figuring out the "rules" is hard. Following them is harder. It's very easy to get an authorized function to usually work. Writing the code so that it works and fails correctly and is secure is much harder.. For security it's usually best to let the hardware provide the security boundaries whereever possible (address space and protect keys). Write access to an APF library on a personal test system is really useful for education, development, and trying out system services. A non-shared test system doesn't have system stability or security issues to be concerned about. But be very careful NEVER to run that type of code on shared systems. I once traced instruction counts for a path of "hit enter once" type action. This involved turning on instruction fetch PER and disabled DAT off code to update a counter for each asid/instruction address. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
