Stop calling this a security problem. (but see below about the conf file) The security point for virtual machines is devices. If the device is available, then whatever the guest does is okay by definition.
Just because the current crop of security weebles don't "get it" does not a true problem make. They are going to have to figure out virtualization eventually. (Maybe compare MVS vols to USB sticks? Would the light bulb come on then?) If the security police don't want the disk (or flash drive) read and/or reformatted by (eg) the Windoze box, don't plug it in! If one wants to take issue with the config file being mis-tagged as a security solution, THAT is a legit beef. It's a doc issue. (Jacob was on this list a year ago. Guessing he still is, but please, debate it offline.) But again, it's outside the security model of virtualization. (Thankfully the name of that dataset does not have "sec" in it.) -- R; <>< Rick Troth Velocity Software http://www.velocitysoftware.com/ On Mon, Nov 7, 2011 at 12:39, Alan Altmark <alan_altm...@us.ibm.com> wrote: > On Monday, 11/07/2011 at 11:12 EST, Richard Gasiorowski <rgasi...@csc.com> > wrote: >> Robert - the read-only seemed harmless and as far as security that >> could get ugly, We sue CA TSS thru PAM calls and I would not want even >> ask what that would cause. really thank you for taking the time > > The bottom line is that unless you have a problem on z/OS that is solved > by mvsdasd, don't use it, as it adds problems of its own that don't have > good solutions. The security issues pretty much kill it. Definitely > read those old posts. > > Alan Altmark > > Senior Managing z/VM and Linux Consultant > IBM System Lab Services and Training > ibm.com/systems/services/labservices > office: 607.429.3323 > mobile; 607.321.7556 > alan_altm...@us.ibm.com > IBM Endicott > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
