Re: SMFLIMxx sample?
The developer is aware of this need, but suggests that you submit an RFE to request this function. RFEs are helpful when the decisions are being made as to which items get funded.

Jim Mulder
z/OS Diagnosis, Design, Development, Test
IBM Corp. Poughkeepsie NY

> I looked at SMFLIMxx and was disappointed that only region specifications can be moved from IEFUSI, not the data/hiperspace controls (WORD 7). Why not? Just like we want some control over regionsize and memlimit, we don't want to allow unlimited hiper/dataspaces to be created.

-- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Friday question: ISPF Statistics Manipulation
On Fri, Jul 7, 2017 at 8:05 AM, Barbara Nitz wrote:

> A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.
>
> Barbara

I hijack the USERID field often (using "G" next to the member in ISPF, or "Z" with DSC/IPT) to put additional info about the member.
Re: Friday question: ISPF Statistics Manipulation
Evidence of what Barb? Don't hang anyone on this evidence. Anyone with update access to the pds can update this field. I do it all the time to source code libraries to set the version level in the uid field.

I can't think how you would do it. The ds name in the RACF call will not contain a member name, just the pds name, as it is the directory which is being updated. Maybe an ISPF exit?

On Fri, Jul 7, 2017 at 8:05 AM, Barbara Nitz wrote:

> A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.
>
> Barbara
Re: PL/I CHARACTER(*) VARYING question
Frank Swarbrick wrote:

> For PL/I experts: Can a PL/I procedure declared with a CHARACTER(*) VARYING parm be called passing a CHARACTER VARYINGZ or CHARACTER VARYING4 argument?
>
> Thanks, Frank

Those are different data attributes, but the answer is "kinda yes". The VARYINGZ and VARYING4 value should be converted to a VARYING string (in a compiler-allocated temporary variable) and that temporary would be passed.

For example, you can pass a FIXED BIN(31,0) to a procedure with a CHARACTER(*) VARYING. The integer would be converted and passed...

At least - I believe that would be the proper semantics.

You might consider asking the question on comp.lang.pl1 as well; where more seasoned PL/I skills than mine are available.

- Dave Rivers -

-- riv...@dignus.com Work: (919) 676-0847
Get your mainframe programming tools at http://www.dignus.com
Re: Friday question: ISPF Statistics Manipulation
On Fri, 7 Jul 2017 08:05:42 -0500, Barbara Nitz wrote:

> A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.

Use UNIX files rather than PDS members. The analogous "chown" is a privileged command.

-- gil
PL/I CHARACTER(*) VARYING question
For PL/I experts: Can a PL/I procedure declared with a CHARACTER(*) VARYING parm be called passing a CHARACTER VARYINGZ or CHARACTER VARYING4 argument?

Thanks, Frank
Re: Friday question: ISPF Statistics Manipulation
Free PDS command on CBT Tape can do this, see the ATTRIB subcommand:

    SYNTAX - ATTRIB member
               AMODE24/AMODE31/AMODE64/AMODEANY
               AUTH/NOAUTH or APF/NOAPF
               DC/NODC
               EDIT/NOEDIT
               ENTRY(externalname)
               EXEC/NOEXEC
               LOADONLY/NOLOADONLY
               PAGE/NOPAGE
               REFR/NOREFR
               RENT/NORENT
               REUS/NOREUS
               RLDFIX/NORLDFIX
               RMODE24/RMODEANY
               SSI(hxdata)/NOSSI
               UNALIAS
               NONE / ADDSTATS
               VER(nn) / MOD(mm) / ID(who) / USERID(who)
               CREATED(mm/dd/yy)
               MODIFIED(mm/dd/yy)
               LAST(mm/dd/yy)
               TIME(hhmm)
               SECS(ss)
               LKEDDATE/NOLKEDDATE
               ALIASINFO/NOALIASINFO

As far as I know the vendor version 'StarTool' still does this too, I haven't worked with that in years though.

Dana

On Fri, 7 Jul 2017 16:56:09 +0200, R.S. wrote:

> ...except the dates.
> Sometimes I want to change the date (just to prepare "installation package", no cheating).
> Is there any method to change the dates?
> I mean set the date to something like 1999-09-09, not just reset.
>
> --
> Radoslaw Skorupka
> Lodz, Poland
Re: Friday question: ISPF Statistics Manipulation
On 7/7/2017 11:07 AM, Paul Gilmartin wrote:

> I'm curious what else might lurk in that "PDSE AX cell". Perhaps an immutable creator ID? 8 characters in z/OS 2.3?

Note that 8-byte userid support was added to MVS way back in 1995. Only TSO/E lagged behind...

    .* $04=OW13376 HBB4420 950329 PD81XZ: Add ASXBUSR8
    ASXBUSR8 DS    0CL8  8-byte version of ASXBUSER                 @04A
    ASXBUSER DS    CL7 - USER ID FOR WHICH THE JOB OR SESSION
    *                    IS BEING EXECUTED (MDC306)            @Z40RP9A
             DS    B   - Last byte of ASXBUSR8. ASXBSECR            @04A
    *                    and ASXBSFLG are deleted

-- Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
http://www.phoenixsoftware.com/
DB2 Ver. 8.1 running on z/OS 2.1?
Anyone running DB2 version 8.1 on z/OS 2.1? I'm looking to verify, any links or information would be appreciated. Thank You.
Re: Friday question: ISPF Statistics Manipulation
On Fri, 7 Jul 2017 13:17:52 -0400, Tony Harminc wrote:

> It will surprise me if IBM hasn't given some serious thought to this for PDSEs. A formally managed interface to PDSE member metadata, subject to RACF etc. controls, would be quite doable. Of course it would be tricky to make it compatible, but since you already can't do EXCP to a PDSE, it might not be so hard to capture STOW and subject it to security controls. Or provide a brand new member metadata API that is unrelated to the existing directory userdata.

In:

    z/OS IBM Network File System Guide and Reference
    Version 2 Release 2
    SC23-6883-02

I read:

    Time stamps for PDSs and PDSEs
    ...
    2. MVS maintains the PDSE member create/change time stamp (mtime) in the PDSE AX cell. The Server uses a FileAccessMethodService (FAMS) call to retrieve/save the member attributes (containing time stamps) from/to the PDSE AX cell.

It's hard to learn more about this FAMS thingy. I suspect IBM doesn't want us to know.

One interesting thing is that when a PDSE is NFS mounted on a Solaris system, the "ls -l" command shows file timestamps with microsecond granularity for members never touched by ISPF. If I migrate that PDSE and recall it, those timestamps are preserved. If I copy that PDSE with IEBCOPY, the timestamps are reset to the time that I performed the copy.

I'm curious what else might lurk in that "PDSE AX cell". Perhaps an immutable creator ID? 8 characters in z/OS 2.3?

-- gil
Re: Z performance question #1 - AR mode
There should be no performance cost, other than the cost of the instructions to manipulate the access registers, as long as an access register is loaded far enough in advance of its use to avoid a pipeline delay, and for an ALET other than 0 or 1, there is already an ALB entry, so that Access Register Translation is avoided.

Jim Mulder
z/OS Diagnosis, Design, Development, Test
IBM Corp. Poughkeepsie NY

> How big is the performance cost of running ARMODE?
>
> Should there be a section of code that uses only ALET 0, is it best to go into primary mode for that section?
Re: Friday question: ISPF Statistics Manipulation
Here is something I wrote a while back. (I pulled out some proprietary code, but this should work). Enjoy.

Ren

Example to test:

    /* REXX */
    pds_nam = '.BBB.CCC'
    mbrnam  = 'CCC'
    m_dat_4 = '2014/11/07'
    c_dat_4 = '2014/11/07'
    c_dat   = Substr(c_dat_4,3)
    m_dat   = Substr(m_dat_4,3)
    m_tim   = '14:51:11'
    use_r   = 'ABCDEF'
    xx = F@UPDSTA('ONLINE' pds_nam mbrnam m_dat m_dat_4 m_tim c_dat c_dat_4 use_r)
    Exit

Code:

    /* REXX - MEMBER: F@UPDSTA - 08/15/16 11:15:41 <=== LAST UPDATE */
    /*= F@UPDSTA
      Description: Function - Update/create PDS Member stats from passed info
      Purpose: Will update or create member stats for the member: mbrnam,
               in the pds: pds_nam.
      Usage: xx = F@UPdsta('ONLINE' pds_nam mbrnam m_dat m_dat_4 m_tim c_dat c_dat_4 use_r)
      Note: m_dat, m_dat_4, m_tim c_dat and c_dat_4 can be spaces
            use_r is the RACF ID
            If m_dat and m_dat_4 and m_tim are populated they will be used
            and c_dat and c_dat_4 will be unchanged
      cc = 0 for normal completion
      cc = 16 if missing pds or member name
      cc = nn for other errors
    =*/
    Arg type pds_nam mbrnam m_dat m_dat_4 m_tim c_dat c_dat_4 use_r
    Parse Source . . cmdnam .
    If pds_nam = '';Then Signal Err_Missing_PDS_NAME
    If mbrnam = '';Then Signal Err_Missing_MBRNAM
    dd_nam = 'STATSPDS'
    zerrhm = 'ISR3'
    zerralrm = 'YES'
    pds_nam = Strip(Translate(pds_nam,"","'")) /* strip quotes */
    If Msg() <> 'OFF';Then x = Msg('OFF')
    /* Allocate the PDS; on failure retry once with messages and trace on */
    "FREE FI("dd_nam")"
    "FREE DATASET('"pds_nam"')"
    "ALLOC FI("dd_nam") DA('"pds_nam"') SHR"
    cc = rc
    If cc <> 0;Then do
      x = Msg('ON')
      Trace 'R'
      "ALLOC FI("dd_nam") DA('"pds_nam"') SHR"
      cc = rc
      Trace 'O'
      If Msg() <> 'OFF';Then x = Msg('OFF')
      If cc <> 0;Then Signal Err_AllOC
    End
    Address "ISPEXEC" "LMINIT DATAID(DATAID01) DDNAME("dd_nam") ENQ(MOD)"
    cc = rc
    If cc <> 0;Then Signal Err_Lminit
    Address "ISPEXEC" "LMOPEN DATAID("dataid01") OPTION(INPUT)"
    cc = rc
    If cc <> 0;Then Signal Err_Exit
    Call Get_Existing_Stats
    Call Update_Stats
    /* Common exit: release the member list, data id and allocation */
    Z99:
    Address "ISPEXEC" "LMMLIST DATAID("dataid01") OPTION(FREE)"
    dd = rc
    Address "ISPEXEC" "LMCLOSE DATAID("dataid01")"
    dd = rc
    Address "ISPEXEC" "LMFREE DATAID("dataid01")"
    dd = rc
    "FREE FI("dd_nam")"
    "FREE DATASET('"pds_nam"')"
    Return cc

    /* Read the member's current statistics into the ZLxxxx variables */
    Get_existing_stats:
    Address "ISPEXEC" "LMMLIST DATAID("dataid01")",
            "MEMBER("mbrnam")",
            "STATS(YES)",
            "PATTERN("mbrnam")",
            "OPTION(LIST)"
    cc = rc
    If cc = 4;Then do
      mdate = '/??/??'
      mtime = '??:??:??'
      c_dat = ''
      m_dat = ''
      c_dat_4 = ''
      m_dat_4 = ''
      m_tim = ''
      zlcnorc = ''
      zlinorc = ''
      use_r = ''
      cc = 0
    End /* of cc = 4 */
    /* For each field: a passed value wins, otherwise keep the existing */
    /* statistic; an unset ZLxxxx variable evaluates to its own name    */
    If c_dat = '';Then do
      If zlcdate = 'ZLCDATE',
       | zlcdate = '';Then flcdate =''
      Else flcdate = zlcdate
    End
    Else flcdate = c_dat
    If m_dat = '';Then do
      If zlmdate = 'ZLMDATE',
       | zlmdate = '';Then flmdate =''
      Else flmdate = zlmdate
    End
    Else flmdate = m_dat
    If c_dat_4 = '';Then do
      If zlc4date = 'ZLC4DATE';Then flc4date = ''
      Else flc4date = zlc4date
    End
    Else flc4date = c_dat_4
    If m_dat_4 = '';Then do
      If zlm4date = 'ZLM4DATE';Then flm4date = ''
      Else flm4date = zlm4date
    End
    Else flm4date = m_dat_4
    If m_tim = '';Then do
      If zlmtime = 'ZLMTIME';Then flmtime = ''
      Else flmtime = zlmtime
    End
    Else flmtime = m_tim
    If zlcnorc = 'ZLCNORC';Then flcnorc = ' '
    Else flcnorc = Right(zlcnorc,8,' ')
    If zlinorc = 'ZLINORC';Then flinorc = ' '
    Else flinorc = Right(zlinorc,8,' ')
    If use_r = '';Then do
      If zluser = 'ZLUSER';Then fluser = ''
      Else fluser = zluser
    End
    Else fluser = use_r
    If zlvers = 'ZLVERS';Then flvers = ''
    Else flvers = zlvers
    If zlmod = 'ZLMOD';Then flmod = ''
    Else flmod = zlmod
    If zlsclm = 'ZLSCLM';Then flsclm = ''
    Else flsclm = zlsclm
    ver1 = flvers
    mod1 = flmod
    cdate = flcdate
    mdate = flmdate
    mtime = flmtime
    csize = Strip(flcnorc)
    isize = Strip(flinorc)
    user = fluser
    cdate4= flc4date
    mdate4= flm4date
    /* Modified-record count: current size minus initial size, minimum 1 */
    If Datatype(csize) = 'NUM';Then do
      If datatype(isize) = 'NUM';Then do
        mrecs = csize - isize
      End
      Else mrecs = 0
    End
    Else mrecs = 0
    If mrecs < 1;Then do
      mrecs = 1
    End
    Return

    Update_Stats:
    Address "ISPEXEC" "LMMSTATS DATAID("dataid01")
Re: Friday question: ISPF Statistics Manipulation
On Fri, 7 Jul 2017 16:56:09 +0200, R.S. wrote:

> On 2017-07-07 at 15:29, Lizette Koehler wrote:
>> As far as I know, the statistics have always worked that way. That as long as you had the ability to edit (change/alter/del/create) the PDS you could use 3.5 to change the ID field to anything you like.
>
> ...except the dates.
> Sometimes I want to change the date (just to prepare "installation package", no cheating).
> Is there any method to change the dates?
> I mean set the date to something like 1999-09-09, not just reset.

That may require a program of your own that uses STOW.

-- Walt
Re: Z performance question #2 - key 9
There should be no performance cost.

Jim Mulder
z/OS Diagnosis, Design, Development, Test
IBM Corp. Poughkeepsie NY

> Subject: Z performance question #2 - key 9
> Sent by: IBM Mainframe Discussion List
>
> What is the performance cost of using key 9 storage when the PSW is not in key 9?
Re: Orphan control block in a FIFO chain
On Fri, 7 Jul 2017 09:59:01 -0500, Donald Likens wrote:

> We run our product on somewhere around 15 client sites. We have had this problem on one client site (multiple LPARs) since we started running there. We have only seen this problem on one other system during a trial (they did not keep the product). The client site that sees this problem sees it randomly but multiple times during a week. The code for where I think the problem exists is in the original listserv entry. What we are doing is using the IEFU8X (3,4,5) exits to extract SMF records and place them in a FIFO control block chain in CSA to be processed and removed by an STC. I created a batch procedure that reads SMF records and passed them to the active IEFU8x exit. We ran this batch process on our test system multiple times duplicating the client’s environment using SMF data supplied from 1 hour before and 1 hour after the problem showed up at the client’s site. It fed 297,092 records into our product in 6 minutes and IT WORKED PERFECTLY every time.
>
> Does anyone have any ideas on what could cause this situation?

You say "duplicating the client's environment." Does that duplication include number of CPs and processor speed? I have seen test environments that were set up as single CP, which does little to help debug problems related to multi-tasking or -processing.

How many simultaneous copies of your batch process were running, given that the client could have dozens or hundreds of address spaces writing SMF records? How much multi-tasking within your batch process did you have, in case the issue is related to multi-tasking rather than multi-processing?

How did each of your batch processes pass the records to the exit? And which exit(s) did you use?

-- Walt
Re: Friday question: ISPF Statistics Manipulation
On 7 July 2017 at 09:30, John McKown wrote:

> There is no control possible for this. The ISPF statistics are simply data in the "user data area" portion of a member's directory entry.
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.f54mc00/ispmc28.htm
>
> how a PDS directory entry is formatted:
> https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.idad400/pdsd.htm
>
> Binyamin mentioned ACF2, but a regular program can use the STOW macro to update a PDS directory entry. In fact, must be able to in order to add, delete, or update (other than "in place") a member. I doubt that even ACF2 has any control to disallow updating the directory entry of a member in a DSN to which the user has update authority.

It will surprise me if IBM hasn't given some serious thought to this for PDSEs. A formally managed interface to PDSE member metadata, subject to RACF etc. controls, would be quite doable. Of course it would be tricky to make it compatible, but since you already can't do EXCP to a PDSE, it might not be so hard to capture STOW and subject it to security controls. Or provide a brand new member metadata API that is unrelated to the existing directory userdata.

> Bottom line: ISPF statistics are NOT ANY GOOD for any kind of security or auditing purposes. User can update them easily using 3.5 and you can't stop them. You would need a product such as PDSMAN
> https://docops.ca.com/ca-pdsman/7-7/en/administrating/what-is-pdsman

How does PDSMAN or similar help with this? By avoiding ever having direct access to the PDS?

Tony H.
Re: Friday question: ISPF Statistics Manipulation
John McKown wrote:

> There is no control possible for this.

There is some control. ISPCCONFIG can be used to FORCE stats using module ISPCFIGU, but hahahahahaha, override it with option =3.5 as the OP said.

> The ISPF statistics are simply data in the "user data area" portion of a member's directory entry.

True. Those stats are just screen ornaments. Beautiful, but useless... They're really speedhumps on a racetrack...

> Bottom line: ISPF statistics are NOT ANY GOOD for any kind of security or auditing purposes. User can update them easily using 3.5 and you can't stop them.

Activate logging using SMF and use RACF to monitor member usage. Not the overhead worth...

Groete / Greetings
Elardus Engelbrecht
Re: Orphan control block in a FIFO chain
On Fri, Jul 7, 2017 at 9:59 AM, Donald Likens wrote:

> We run our product on somewhere around 15 client sites. We have had this problem on one client site (multiple LPARs) since we started running there. We have only seen this problem on one other system during a trial (they did not keep the product). The client site that sees this problem sees it randomly but multiple times during a week. The code for where I think the problem exists is in the original listserv entry. What we are doing is using the IEFU8X (3,4,5) exits to extract SMF records and place them in a FIFO control block chain in CSA to be processed and removed by an STC. I created a batch procedure that reads SMF records and passed them to the active IEFU8x exit. We ran this batch process on our test system multiple times duplicating the client’s environment using SMF data supplied from 1 hour before and 1 hour after the problem showed up at the client’s site. It fed 297,092 records into our product in 6 minutes and IT WORKED PERFECTLY every time.
>
> Does anyone have any ideas on what could cause this situation?
>
> Any help is appreciated.

My SWAG is that there is a problem with serializing the addition and/or deletion of entries in the FIFO queue. I.e. two different CPUs are trying to add (maybe delete) a FIFO entry and one CPU's update is "lost". Without looking at code, this is just a guess.

-- Veni, Vidi, VISA: I came, I saw, I did a little shopping. Maranatha! <>< John McKown
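A replay of the lost update guessed at above, added here as an illustration and not the product's exit code: two producers append to a FIFO chain with every storage access as a separate step, first unserialized and then with a modelled compare-and-swap. The names Block, Fifo, replay and the two append routines are hypothetical, and only the add side of the queue is modelled.

```python
"""Deterministic replay of a lost update on a singly linked FIFO chain.

Each append is a generator that yields between storage accesses, so a
chosen interleaving of two producers ("A" and "B") can be replayed
exactly. Constructed model for illustration only.
"""


class Block:
    def __init__(self, name):
        self.name = name
        self.next = None


class Fifo:
    def __init__(self):
        # A dummy anchor block keeps head and tail non-empty.
        self.head = self.tail = Block("anchor")

    def chain(self):
        """Names of the blocks a consumer walking from the head can reach."""
        names, blk = [], self.head.next
        while blk is not None:
            names.append(blk.name)
            blk = blk.next
        return names


def unserialized_append(q, blk):
    """Fetch tail, chain the block, store the new tail: three plain steps."""
    seen_tail = q.tail
    yield
    seen_tail.next = blk      # overwrites whatever another CPU chained here
    yield
    q.tail = blk


def cas(obj, field, expected, new):
    """Model of one atomic compare-and-swap on a pointer field."""
    if getattr(obj, field) is expected:
        setattr(obj, field, new)
        return True
    return False


def serialized_append(q, blk):
    """Chain the block only if the link is still empty, else retry."""
    while True:
        seen_tail = q.tail
        yield
        if cas(seen_tail, "next", None, blk):
            yield
            cas(q, "tail", seen_tail, blk)
            return
        # Another producer chained first: move the tail forward and retry.
        cas(q, "tail", seen_tail, seen_tail.next)
        yield


def replay(append, schedule="ABABAB"):
    """Run producers A and B one step at a time in the given order."""
    q = Fifo()
    work = {"A": append(q, Block("A")), "B": append(q, Block("B"))}
    for who in schedule:
        if who in work:
            try:
                next(work[who])
            except StopIteration:
                del work[who]
    for gen in work.values():     # let unfinished producers run to the end
        for _ in gen:
            pass
    return q.chain()


if __name__ == "__main__":
    print("one producer at a time:", replay(unserialized_append, "AAABBB"))
    print("interleaved, no CAS:   ", replay(unserialized_append))
    print("interleaved, with CAS: ", replay(serialized_append))
```

The back-to-back schedule leaves both blocks on the chain, which is why a test that drives records through a single feeder can pass every time while the interleaved schedule drops block A.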
Re: Orphan control block in a FIFO chain
We run our product on somewhere around 15 client sites. We have had this problem on one client site (multiple LPARs) since we started running there. We have only seen this problem on one other system during a trial (they did not keep the product). The client site that sees this problem sees it randomly but multiple times during a week. The code for where I think the problem exists is in the original listserv entry. What we are doing is using the IEFU8X (3,4,5) exits to extract SMF records and place them in a FIFO control block chain in CSA to be processed and removed by an STC. I created a batch procedure that reads SMF records and passed them to the active IEFU8x exit. We ran this batch process on our test system multiple times duplicating the client’s environment using SMF data supplied from 1 hour before and 1 hour after the problem showed up at the client’s site. It fed 297,092 records into our product in 6 minutes and IT WORKED PERFECTLY every time.

Does anyone have any ideas on what could cause this situation?

Any help is appreciated.
Re: Friday question: ISPF Statistics Manipulation
On 2017-07-07 at 15:29, Lizette Koehler wrote:

> As far as I know, the statistics have always worked that way. That as long as you had the ability to edit (change/alter/del/create) the PDS you could use 3.5 to change the ID field to anything you like.

...except the dates.
Sometimes I want to change the date (just to prepare "installation package", no cheating).
Is there any method to change the dates?
I mean set the date to something like 1999-09-09, not just reset.

-- Radoslaw Skorupka
Lodz, Poland
Re: EAV volumes and SYSRES
[...]

> List - Just curious if the EAV volumes can be used for SYSRES volumes or if there are any concerns with using them for SYSRES volumes? If they can be used for SYSRES, any considerations with using them? Just looking for advice.

IMHO there are few things to consider:

1. EAV consists of EAS (upper space) and traditional "track-addressable" space. SYSRES and probably everything else can be placed below the line of 65520 cyl, because it is regular "legacy" 3390-54 volume.
2. What can be placed "above the line" (that means in EAS)? That's the question. I would not try to place there any of operational datasets like RACF db, logrec archive, SYS1.MANx, etc. UNLESS it is clearly documented. On the other hand - SYSRES is NOT the place for operational datasets! This is a room for target libraries. I would not worry about non-LPA and non-LNKLST libraries and non-IPL_LNKLST (dynamically added) libraries. And most non-executable (RECFM=U) libraries.
3. What about ZFS and HFS? I would check it again, but IMHO all of them can be placed in EAS.
4. What about ServerPac Installation Dialog? Does it support EAV yet?

HTH.

-- Radoslaw Skorupka
Lodz, Poland
Re: Friday question: ISPF Statistics Manipulation
The 3.5 option has been able to manipulate member stats since I first saw "SPF" somewhere around 1980. The most useful function I have found is being able to delete member statistics. This is one way you can save a new member when the directory is out of space. It is usually my second choice after trying "STATS OFF" on the new member I am editing.

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of John McKown
Sent: Friday, July 07, 2017 8:31 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Friday question: ISPF Statistics Manipulation

On Fri, Jul 7, 2017 at 8:05 AM, Barbara Nitz wrote:

> A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.

There is no control possible for this. The ISPF statistics are simply data in the "user data area" portion of a member's directory entry.
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.f54mc00/ispmc28.htm

how a PDS directory entry is formatted:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.idad400/pdsd.htm

Binyamin mentioned ACF2, but a regular program can use the STOW macro to update a PDS directory entry. In fact, must be able to in order to add, delete, or update (other than "in place") a member. I doubt that even ACF2 has any control to disallow updating the directory entry of a member in a DSN to which the user has update authority.

Bottom line: ISPF statistics are NOT ANY GOOD for any kind of security or auditing purposes. User can update them easily using 3.5 and you can't stop them. You would need a product such as PDSMAN
https://docops.ca.com/ca-pdsman/7-7/en/administrating/what-is-pdsman

> Barbara

-- Veni, Vidi, VISA: I came, I saw, I did a little shopping. Maranatha! <>< John McKown
Re: Friday question: ISPF Statistics Manipulation
On Fri, Jul 7, 2017 at 8:05 AM, Barbara Nitz wrote:

> A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.

There is no control possible for this. The ISPF statistics are simply data in the "user data area" portion of a member's directory entry.
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.f54mc00/ispmc28.htm

how a PDS directory entry is formatted:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.idad400/pdsd.htm

Binyamin mentioned ACF2, but a regular program can use the STOW macro to update a PDS directory entry. In fact, must be able to in order to add, delete, or update (other than "in place") a member. I doubt that even ACF2 has any control to disallow updating the directory entry of a member in a DSN to which the user has update authority.

Bottom line: ISPF statistics are NOT ANY GOOD for any kind of security or auditing purposes. User can update them easily using 3.5 and you can't stop them. You would need a product such as PDSMAN
https://docops.ca.com/ca-pdsman/7-7/en/administrating/what-is-pdsman

> Barbara

-- Veni, Vidi, VISA: I came, I saw, I did a little shopping. Maranatha! <>< John McKown
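As an added illustration (not code from the thread): a decoder for the statistics bytes described in this message, showing that the ID field is plain text in the directory entry's user data. The 30-byte field layout is an assumption based on the ISPF documentation linked in the message; the sample entry, the review_stats check and its logged_user input are constructed for the example.

```python
"""Decode ISPF statistics from the user data of a PDS directory entry.

Assumed layout (30-byte basic statistics): version, mod level, flags,
seconds, created date, changed date, HHMM, three halfword line counts,
8-byte ID in EBCDIC, 2 pad bytes. Dates are a century byte
(0 = 19xx, 1 = 20xx) followed by packed-decimal YYDDD and a sign nibble.
"""
import datetime
import struct


def _bcd(byte):
    """Two packed-decimal digits in one byte, e.g. 0x51 -> 51."""
    hi, lo = byte >> 4, byte & 0x0F
    if hi > 9 or lo > 9:
        raise ValueError(f"not packed decimal: {byte:#04x}")
    return hi * 10 + lo


def _julian(field):
    """Century byte + packed YYDDDF -> datetime.date."""
    century, yy, d1, d2 = field
    if d2 >> 4 > 9:
        raise ValueError("bad day-of-year digit")
    ddd = _bcd(d1) * 10 + (d2 >> 4)
    if not 1 <= ddd <= 366:
        raise ValueError(f"day of year out of range: {ddd}")
    first = datetime.date(1900 + 100 * century + _bcd(yy), 1, 1)
    return first + datetime.timedelta(days=ddd - 1)


def parse_ispf_stats(userdata):
    """Return the statistics as a dict; raise ValueError if malformed."""
    if len(userdata) < 30:
        raise ValueError("user data too short to hold ISPF statistics")
    hh, mm, ss = _bcd(userdata[12]), _bcd(userdata[13]), _bcd(userdata[3])
    if hh > 23 or mm > 59 or ss > 59:
        raise ValueError("time of day out of range")
    return {
        "version": userdata[0],
        "mod": userdata[1],
        "created": _julian(userdata[4:8]),
        "changed": _julian(userdata[8:12]),
        "time": f"{hh:02d}:{mm:02d}:{ss:02d}",
        # current, initial and modified line counts (big-endian halfwords)
        "lines": struct.unpack(">3H", userdata[14:20]),
        # Plain EBCDIC text: nothing ties it to an authenticated identity.
        "user": userdata[20:28].decode("cp037").rstrip(),
    }


def review_stats(stats, logged_user=None, as_of=None):
    """List reasons not to rely on these statistics as evidence.

    logged_user: ID recorded for the last update by an authoritative
    source such as security-product logging (hypothetical input here).
    """
    as_of = as_of or datetime.date.today()
    findings = []
    if stats["changed"] < stats["created"]:
        findings.append("changed date precedes created date")
    if stats["changed"] > as_of:
        findings.append("changed date is in the future")
    if logged_user is not None and stats["user"] != logged_user.upper():
        findings.append(
            f"ID field {stats['user']!r} differs from audit log "
            f"{logged_user.upper()!r}"
        )
    return findings


# Constructed sample: V01.05, created and changed 2014/11/07 (day 311),
# 14:51:11, 120/100/20 lines, ID field "ABCDEF".
SAMPLE_USERDATA = (
    bytes([0x01, 0x05, 0x00, 0x11])
    + bytes([0x01, 0x14, 0x31, 0x1F]) * 2
    + bytes([0x14, 0x51])
    + struct.pack(">3H", 120, 100, 20)
    + "ABCDEF".ljust(8).encode("cp037")
    + b"\x40\x40"
)

if __name__ == "__main__":
    stats = parse_ispf_stats(SAMPLE_USERDATA)
    print(stats)
    print(review_stats(stats, logged_user="PRODUSR"))
```

A clean result from review_stats only means the fields are internally plausible; as the thread notes, sites also put labels such as a version level in the ID field, so a mismatch with the audit log is a prompt to check that log, not proof of tampering.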
Re: Friday question: ISPF Statistics Manipulation
As far as I know, the statistics have always worked that way. That as long as you had the ability to edit (change/alter/del/create) the PDS you could use 3.5 to change the ID field to anything you like. I typically change it to BASE and then as I update members, I can see what has been altered.

And I think there has never been a separation in ISPF between the Directory entries and the PDS so there are no security controls over who can alter it. Everything is controlled at the dataset level. So I can change the Stats in any PDS for any member I have UPDATE access to. I would have to check on READ access.

You can delete the statistics just as easily as create them. And deleting statistics is an easy way to provide room in the directory to add more members if you do not have a tool to increase the Directory entire of a PDS.

There are SAF products like TSS that can secure at the MEMBER level, but I do not think RACF can do that. And maybe that function in TSS may provide the ability to protect the statistics for that member. But that would be a question for Top Secret.

Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Barbara Nitz
> Sent: Friday, July 07, 2017 6:06 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Friday question: ISPF Statistics Manipulation
>
> A colleague of mine just asked me if ISPF statistics in a data set,
> especially the USERID field, can be manipulated. We used ISPF 3.5 and we were
> both astonished that I was easily able to fake a userid as the one who last
> changed a member (testing in my own dataset, of course).
>
> This immediately raised the question for me if there is any RACF control that
> would prevent this type of manipulation, especially since the userids in
> those statistics are widely used as evidence. Does anyone know if there are
> such RACF controls? A quick search in the ISPF books didn't turn up any hint.
>
> Barbara
Re: Friday question: ISPF Statistics Manipulation
On Fri, 7 Jul 2017 08:05:42 -0500 Barbara Nitz wrote:

:>A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).

:>This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.

As the statistics can be manipulated by STOW/EXCP outside of ISPF, having WRITE authority to the dataset is enough to change it.

I have heard that ACF2 has a means of altering the DEB of a PDS to prevent access outside of certain member areas, but have not tried it.

--
Binyamin Dissen
http://www.dissensoftware.com
Director, Dissen Software, Bar & Grill - Israel

Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies.
Friday question: ISPF Statistics Manipulation
A colleague of mine just asked me if ISPF statistics in a data set, especially the USERID field, can be manipulated. We used ISPF 3.5 and we were both astonished that I was easily able to fake a userid as the one who last changed a member (testing in my own dataset, of course).

This immediately raised the question for me if there is any RACF control that would prevent this type of manipulation, especially since the userids in those statistics are widely used as evidence. Does anyone know if there are such RACF controls? A quick search in the ISPF books didn't turn up any hint.

Barbara
Z performance question #1 - AR mode
How big is the performance cost of running ARMODE?

Should there be a section of code that uses only ALET 0, is it best to go into primary mode for that section?

--
Binyamin Dissen
http://www.dissensoftware.com
Director, Dissen Software, Bar & Grill - Israel
Z performance question #2 - key 9
What is the performance cost of using key 9 storage when the PSW is not in key 9?

--
Binyamin Dissen
http://www.dissensoftware.com
Director, Dissen Software, Bar & Grill - Israel
Re: SMFLIMxx sample?
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Pew, Curtis G
> Sent: 13 June, 2017 23:15
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: SMFLIMxx sample?
>
> I’m going through our SMF exits and reviewing them. I was able to
> eliminate most of what IEFUSI was doing; all that was left was setting
> the REGION limits. Then reading the manual more carefully I discovered
> there’s a new (apparently starting in z/OS 2.2) PARMLIB member,
> SMFLIMxx, that can do this without the need for an exit. However, the
> description of this member in Init and Tuning doesn’t have any examples,
> and I’m not really clear on the syntax just from the description. Is
> anyone using this? Would you be willing to share some sample rules? One
> of my questions is, does the rule have to fit on a single record, or can
> it be continued?
>
> Thanks for any help.

I looked at SMFLIMxx and was disappointed that only region specifications can be moved from IEFUSI, not the data/hiperspace controls (WORD 7). Why not? Just like we want some control over regionsize and memlimit, we don't want to allow unlimited hiper/dataspaces to be created.

Kees.
Re: EAV volumes and SYSRES
Lizette:

I have been looking at various LOGREC reports recently and looking at processing the logger and remembered seeing this in the EREP user's Guide about the LOGREC history data set:

"When you include history data sets as input for your report you must define them on the ACCIN statement. This dataset is not EAS eligible on EAV devices. OPEN fails with 'IEC142I 113-44' if EATTR=OPT is coded in the JCL for the dataset. Table 6 shows some ways to combine input from ERDS and history data sets."

It was just added.

And then from the JCL manual:

Use the EATTR parameter to indicate whether the data set can support extended attributes (format 8 and 9 DSCBs) or not. To create such data sets, you can include extended address volumes (EAVs) in specific storage groups or specify an EAV on the request or direct the Allocation to an esoteric containing EAV devices. By definition, a data set with extended attributes can reside in the extended address space (EAS) on an extended address volume (EAV). This parameter can be specified for non-VSAM data sets as well as for VSAM data sets.

Bill

From: IBM Mainframe Discussion List on behalf of Lizette Koehler
Sent: Thursday, July 6, 2017 11:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: EAV volumes and SYSRES

List -

Just curious if the EAV volumes can be used for SYSRES volumes or if there are any concerns with using them for SYSRES volumes? If they can be used for SYSRES, any considerations with using them?

Just looking for advice.

Lizette
Re: IBM Knowledge Center
1. As a reminder, IBM Knowledge Center for z/OS is a standard, included feature of the z/OS base operating system (Version 2.2 and above). Please take advantage of it. If your mainframe is not already "self-documenting," please make it so.

2. A "local" IBM Knowledge Center is also available for the Linux, AIX, and Microsoft Windows operating systems. It is available at no additional charge if you have a license for practically any IBM software product. Yes, you can even install the IBM Knowledge Center on your Linux or Windows PC, download and install desired documentation, and read/search documentation offline. To obtain the IBM Knowledge Center for these other operating systems, please log onto your IBM Passport Advantage Online account and search for CN9WDML. Here's the link to PPA Online:

https://www.ibm.com/software/passportadvantage/pacustomers.html

3. Yes, in my view IBM needs to improve the availability of the Internet-accessible IBM Knowledge Center. Let's hope that happens, soon. But that won't be sufficient and never can be. If you manage mission-critical services -- and most people do in this forum -- see above.

Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com