Re: Posting issues?

2024-04-06 Thread Walt Farrell
On Fri, 5 Apr 2024 15:36:21 -0400, Phil Smith III wrote: >Yeah, I have SPF records. But, increasingly, it seems to be necessary to have DMARC and DKIM properly setup, too. I don't know if that would explain your problem with this mailing list, though. -- Walt

Re: DD SYMLIST?

2024-02-22 Thread Walt Farrell
On Wed, 21 Feb 2024 22:37:28 -0600, Paul Gilmartin wrote: >On Thu, 22 Feb 2024 13:45:18 +1000, Peter Vels wrote: > >>https://www.ibm.com/docs/en/zos/3.1.0?topic=statement-symlist-parameter >> >I'm looking at Page 263 of SA23-1385-60 >z/OS 3.1 MVS JCL Reference >with the page heading DD:

Re: Technical Reason? - Why you can't encrypt load libraries (PDSE format)?

2024-01-15 Thread Walt Farrell
On Mon, 15 Jan 2024 14:45:06 -0600, Joe Monk wrote: >How would that be practical? How would you, for instance, do a batch update >to an encrypted dataset from a CICS vsam file? Sorry; I don't understand the question. How do you do it today? -- Walt

Re: Technical Reason? - Why you can't encrypt load libraries (PDSE format)?

2024-01-15 Thread Walt Farrell
On Mon, 15 Jan 2024 16:15:38 +, Eric D Rossman wrote: >Answering a number of comments in order, in one message. > >First: I don't think being able to encrypt load libraries is worth it. >Encrypted executables, in general, are not going to increase security. > >Jousma, David: > >>

Re: Help Trying to determine where abend occurred

2023-12-31 Thread Walt Farrell
Have you looked at the descriptions of the two fields? From https://www.ibm.com/docs/en/zos/2.1.0?topic=us-important-fields-in-sdwa I see: SDWAEC1 This field contains the PSW that existed at the time of the error. SDWAEC2 The contents of this field vary according to the type of

Re: RACROUTE REQUEST=AUTH problem

2023-12-11 Thread Walt Farrell
On Mon, 11 Dec 2023 09:50:34 -0600, John Blythe Reid wrote: >The client never got the RACROUTE macro to work. Instead they've opted to use >the CICS command EXEC CICS QUERY SECURITY and that works ok. Does anyone think >that the problem may be due to issuing a RACROUTE macro inside a CICS

Re: Usage: "data set" vs. "dataset"

2023-11-27 Thread Walt Farrell
On Sat, 25 Nov 2023 20:38:43 -0600, Paul Gilmartin wrote: >I believe that several years ago IBM Pubs decreed that "data set" >rather than "dataset" was preferred style and swept documentation >emending the latter form. It seems to be creeping back. I just >did a crude scan of the 3.1 .pdfs a

Re: Rexx to clone users in RACF

2023-11-24 Thread Walt Farrell
On Tue, 21 Nov 2023 12:23:24 +0400, Peter wrote: >Cloning and creating one user is easy but > >I want to clone and create 10 userid at once . > >Is it possible to achieve it through DBSNC.? DBSYNC can give you the commands to create 1 user based on another one. Copy/Paste of those commands

Re: Rexx to clone users in RACF

2023-11-17 Thread Walt Farrell
IBM used to, and may still, supply an unofficial REXX exec that I wrote named DBSYNC. One of its operational modes allows cloning a user, though I don't recall if that is described in the documentation or only anecdotally on RACF-L. And I have no idea where such tools & toys are distributed

Re: Is True Skip-Sequential Processing Possible with RECFM=FB,DSORG=PS?

2023-11-11 Thread Walt Farrell
On Sat, 11 Nov 2023 08:59:07 -0500, David S. wrote: >To help resolve a question posted to a LinkedIn group I manage: >www.linkedin.com/feed/update/urn:li:groupPost:910927-7128598004344786944 >... I'd like to find out if there's any way to achieve *true* >Skip-Sequential processing with a Fixed

Re: LISTSERV Trivia: Deleting drafts?

2023-08-29 Thread Walt Farrell
On Mon, 28 Aug 2023 15:21:55 -0500, Paul Gilmartin wrote: >I use the WWW interface to post to IBM-MAIN. At times it tells me I have >lingering drafts. Each shows a trashcan icon. Clicking it usually fails >or causes a window hang. Is there a trick? > >I may have just discovered that it

Re: Updating IEEMB846

2023-08-23 Thread Walt Farrell
On Wed, 23 Aug 2023 19:58:07 +0100, Lennie Dymoke-Bradshaw wrote: >Excellent. Now why didn't I think of that? >Thank you Walt. You're welcome, Lennie :) -- Walt

Re: Updating IEEMB846

2023-08-23 Thread Walt Farrell
On Tue, 22 Aug 2023 13:07:01 +0100, Lennie Dymoke-Bradshaw wrote: >I am trying to determine which users are using the TSO CONSOLE command. > >This is controlled one of those TSOAUTH checks that are done at LOGON time >and the results of the RACF check are stored in the PSCB in bit PSCBCNAU. So

Re: Colossal Cave on Android (was: Re: z/OSMF)

2023-07-05 Thread Walt Farrell
There are a number of hits that seem relevant when I do a search for "android version of dosbox", and once you have dosbox installed you should have access to a bunch of old DOS-based text games, including versions of Colossal Cave, I believe. I have not tried this personally, but I use dosbox

Re: A Discussion about RLSE on RAID Drives with Chat GPT-4

2023-07-03 Thread Walt Farrell
Thanks, Hobart. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: A Discussion about RLSE on RAID Drives with Chat GPT-4

2023-07-01 Thread Walt Farrell
On Thu, 29 Jun 2023 18:10:06 -0500, Hobart Spitz wrote: >https://chat.openai.com/share/1718b445-7a89-47a3-ab23-b670aa8c2211 That URL gives a 404 error, for me. Perhaps you could have your conversation again, and quote the conversation here directly next time? -- Walt

Re: RACF and Subject Alternate Name

2023-06-08 Thread Walt Farrell
On Thu, 8 Jun 2023 05:29:41 -0500, Michael Babcock wrote: > >And I simply don't see why RACF could not be made to generate more than >one SAN.   Will that change with z/OS 3.1? The RACF-L mailing list would be a better place for that part of your question, and (perhaps) for the complete

Re: IKJPARS PCL questions

2023-04-30 Thread Walt Farrell
On Sun, 30 Apr 2023 09:49:30 -0400, Joseph Reichman wrote: >Do the keywords have to be enter the way they are laid out in the PCL > >I would think not > >Because that's why they are keywords > >However when I don't enter them that way it does not hit the validity exit From earlier in the

Re: TSO Rexx C2X Incorrect Output

2023-04-27 Thread Walt Farrell
On Thu, 27 Apr 2023 10:01:06 -0400, David Spiegel wrote: >Had I thought (originally) that "Pull" was the issue, I would've >figured it out on my own. Using the tracing functions in REXX to do the debugging, rather than browsing the data set itself, would also have been helpful. -- Walt

Re: Check my math?

2023-03-24 Thread Walt Farrell
On Thu, 23 Mar 2023 09:34:02 -0500, John McKown wrote: >I got curious about how many possible different values could exist in a >dataset "node". A node can be 1 to 8 characters long. The first character >must be A-Z @#$ or 29 characters. Subsequent characters are those 29 plus >digits 0-9 and a

Re: The Local death of DB2 z/OS --- what is the best way to preserve the data once the mainframe is gone

2023-02-08 Thread Walt Farrell
On Wed, 8 Feb 2023 14:31:02 -0600, Tom Longfellow wrote: >Excellent procedure and approach. And a good path to maybe resurrecting the >application someday. > >I am still trying to sell the concept that a successful migration consists of >not only the data, But a least someway to CRUD

Re: Contents of "Command" field on standard login screen - where to find it

2023-01-19 Thread Walt Farrell
On Thu, 19 Jan 2023 15:02:06 +, Robert Prins wrote: >And then you realise that the question should have been, "How do I get at >it (control-block chasing-wise) in REXX?". > At what time in the user's logon, and where is the REXX exec running? And why are you trying to do this from REXX?

Re: Location of forms code in z/OS manuals

2022-10-27 Thread Walt Farrell
On Wed, 26 Oct 2022 17:06:06 +, Seymour J Metz wrote: >PDFBox is certainly the way to go for the title, but IBM doesn't appear to be >putting the forms code anywhere accessible. The form code is certainly in the text, e.g., at the bottom of the cover page. So you should be able to extract

Re: Fixed fields in regex (was: Trying to Parse a LISTCAT with SORT)

2022-10-26 Thread Walt Farrell
On Tue, 25 Oct 2022 10:33:23 -0500, Paul Gilmartin wrote: >On Tue, 25 Oct 2022 08:55:09 -0500, Walt Farrell wrote: >>>> >>>>>On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote: >>>>>> %03=(ENDBEFR=C'.',FIXLEN=8), #

Re: Fixed fields in regex (was: Trying to Parse a LISTCAT with SORT)

2022-10-25 Thread Walt Farrell
On Sun, 23 Oct 2022 09:36:49 -0500, Paul Gilmartin wrote: >On Sun, 23 Oct 2022 08:59:09 -0500, Walt Farrell wrote: >> >>>On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote: >>>> %03=(ENDBEFR=C'.',FIXLEN=8), # Node 3 >>>>

Re: Trying to Parse a LISTCAT with SORT

2022-10-23 Thread Walt Farrell
On Sat, 22 Oct 2022 10:03:49 -0500, Paul Gilmartin wrote: >On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote: >>... >> %03=(ENDBEFR=C'.',FIXLEN=8), # Node 3 >> ... >Thanks. I've wished for something like FIXLEN in regular expressions. Got an example of what

Re: CSNBENC rc=8 rsn=X'271C'

2022-10-12 Thread Walt Farrell
On Wed, 12 Oct 2022 09:51:36 +0100, Lennie Dymoke-Bradshaw wrote: >It was Pierre's previous posts about replacing a password using ICHEINTY and >R-admin. >Maybe I have mixed up two distinct issues. Perhaps, but that earlier/ongoing thread talking about "having a RACF encrypted password" and

Re: LONGPARM applies?

2022-09-28 Thread Walt Farrell
On Tue, 27 Sep 2022 13:50:14 -0500, Paul Gilmartin wrote: > >Breaking an existing authorized program in that fashion could be a buffer >overrun leading to escalation of privilege; an integrity threat that I'd >consider >an incompatibility. But are you talking about PARM=, which Peter has

Re: DFSORT: BRE vs. ERE

2022-09-02 Thread Walt Farrell
On Fri, 2 Sep 2022 14:39:22 +, Sri h Kolusu wrote: >>> How can the programmer select which of the two supported versions DFSORT >>> will use? The later examples seem to show only EREs or to be neutral. An >>> example showing a BRE instead would be useful. > >Paul, > >Since both versions

Re: DFSORT: BRE vs. ERE

2022-09-02 Thread Walt Farrell
On Fri, 2 Sep 2022 07:33:27 -0500, Paul Gilmartin wrote: >In DFSORT Application Programming Guide: >INCLUDE Control Statement >Regular expressions >... >Two versions of regular expressions are supported: >• Basic Regular expressions (BRE) >• Extended Regular expressions (ERE) >

Re: Calculate deltas using DFSORT

2022-08-31 Thread Walt Farrell
On Wed, 31 Aug 2022 11:13:57 -0500, Paul Gilmartin wrote: >>In any case, "[^abc]" does not match "wombat". It matches only a single >>character of a string. So, it might match the "w" in "wombat", or the "o", or >>the "m", or the "t", depending on other details of the input string being

Re: Calculate deltas using DFSORT

2022-08-31 Thread Walt Farrell
On Wed, 31 Aug 2022 16:35:27 +, Sri h Kolusu wrote: >>>The DFSORT manual (and others) should not attempt to explain regular >>>expressions. They should defer to citing a single publication with such an >>>explanation. > >I completely agree, however each component within IBM is

Re: Calculate deltas using DFSORT

2022-08-31 Thread Walt Farrell
On Wed, 31 Aug 2022 10:03:21 -0500, Paul Gilmartin wrote: > >"[^abc]" matches any string containing a character >other than a, b, or c. It matches "wombat". However, >"^[^abc]*$" matches strings containing no character >other than a, b, or c. It does not match "wombat". Was that something

Re: GLOBAL OPERCMDS ACTIVATION

2022-08-24 Thread Walt Farrell
On Wed, 24 Aug 2022 09:55:56 -0500, Michael Babcock wrote: >I’m trying to define the MVS.MCSOPER.*/READ profile global class. > >I issued the following in batch: > > RDEF GLOBAL OPERCMDS OWNER(PXX) UACC(NONE) >ADDMEM(MVS.MCSOPER.*/READ) > >READY > > SETROPTS GLOBAL(OPERCMDS) >REFRESH >

Re: rexx and IDCAMS functions

2022-08-24 Thread Walt Farrell
On Mon, 22 Aug 2022 16:16:06 -0500, Paul Gilmartin wrote: >Why is there an AUTHPGM NAMES list at all? Why shouldn't it just be >* (everything) >??? > >I can imagine several reasons: Even some authorized programs might not >be trusted not to modify the WAITing TSO task (IKJEFTT09?), perhaps

Re: rexx and IDCAMS functions

2022-08-22 Thread Walt Farrell
On Mon, 22 Aug 2022 09:47:44 -0500, Paul Gilmartin wrote: >On Mon, 22 Aug 2022 09:42:25 -0500, Walt Farrell wrote: > >>>I forgot to mention that "IDCAMS" is included on the >>>SYS1.PARMLIB(IKJTSOxx)) AUTHPGM NAMES list >> >>Yes, that would be require

Re: rexx and IDCAMS functions

2022-08-22 Thread Walt Farrell
On Mon, 22 Aug 2022 15:39:52 +, Seymour J Metz wrote: >Why do you say that? The CALL command is a very different animal from ADDRESS >LINKMVS. As I recall, Lizette said she was mandated to use LINKMVS. And as we have pointed out, for her purposes, LINKMVS will not work. I think Jack was

Re: rexx and IDCAMS functions

2022-08-22 Thread Walt Farrell
On Mon, 22 Aug 2022 14:01:46 +0100, Jack Zukt wrote: >I forgot to mention that "IDCAMS" is included on the >SYS1.PARMLIB(IKJTSOxx)) AUTHPGM NAMES list Yes, that would be required in order for your TSO CALL command to invoke IDCAMS with APF-authorization. -- Walt

Re: rexx and IDCAMS functions

2022-08-21 Thread Walt Farrell
On Sat, 20 Aug 2022 13:28:29 -0700, Lizette Koehler wrote: >I think what I am having a challenge with is the STGADMN.IDC.DCOLLECT in >Facility Class > >The UACC is NONE but the ACL has * READ > >The process creates the JCL Statements in ALLOC statements. SYSIN will >contain the DCOLLECT

Re: rexx and IDCAMS functions

2022-08-18 Thread Walt Farrell
On Tue, 16 Aug 2022 19:49:16 -0700, Lizette Koehler wrote: >I am actually using LINKMVS and that is getting the error > >I want my general user to be able to do things without knowing idcams What, exactly, does your code do, Lizette? What are you invoking with LINKMVS, and what are you

Re: Looked at Destination Z lately?

2022-07-01 Thread Walt Farrell
On Fri, 1 Jul 2022 10:07:34 -0700, Tom Brennan wrote: >archive.org shows it was used by IBM, but years ago. Thanks. Looks like it was still in use on Feb. 18, 2020, but it became a redirect to community.ibm.com by Aug. 1, 2020, according to the Wayback Machine. -- Walt

Re: Looked at Destination Z lately?

2022-07-01 Thread Walt Farrell
On Fri, 1 Jul 2022 00:07:27 -0400, Gabe Goldberg wrote: >www.destinationz.org isn't quite what one would expect for IBM's >mainframe community website. > >Did someone let domain registration expire, was it hacked or redirected? Was it ever used for that purpose? I see no Google references to

Re: How To Handle RACROUTE logic

2022-06-27 Thread Walt Farrell
On Mon, 27 Jun 2022 10:20:43 -0500, Mike Cairns wrote: >One important difference you might need to be aware of is between a normal >RACROUTE call that executes under the authority of the current user associated >with the running address space (a First Party call - i.e. checking your own

Re: Large block interface for VB

2021-03-02 Thread Walt Farrell
On Mon, 1 Mar 2021 09:12:59 -0500, Joseph Reichman wrote: >I have 100 files concatenated that are normally processed by qsam with a lrecl >31996 and blksize 32000 > >Since processing takes a long time I was looking to speed things up by >specifying a blksize of 32 in the DCBE > >After

Re: Unable to ALLOC dsn without new

2020-11-24 Thread Walt Farrell
On Tue, 24 Nov 2020 10:35:40 -0600, Elaine Beal wrote: >I give up :), asking for help > >Defining a new user and logon proc issues > >SET = >ALLOC FI(ISPPROF) SHR DA('') > >the dsn is new and evidently the alloc fails > >but i can manually alloc a new dsn without the new parm (under

Re: blanks at the end of Unix file names - was LMINIT cannot handle concatenation with more than 16 data sets?

2020-09-30 Thread Walt Farrell
On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote: >Applications should not "validate" filenames before attempting to open or >create a file. Present the name to the file system API and report any error >back to the user. Application filename validation is what leads to these

Re: blanks at the end of Unix file names - was LMINIT cannot handle concatenation with more than 16 data sets?

2020-09-30 Thread Walt Farrell
On Tue, 29 Sep 2020 19:58:06 -0500, Paul Gilmartin wrote: >On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote: > >>Applications should not "validate" filenames before attempting to open or >>create a file. Present the name to the file system API and report any error >>back to the user.

Re: Query ESM from REXX

2020-08-06 Thread Walt Farrell
On Mon, 3 Aug 2020 04:16:38 +, Gadi Ben-Avi wrote: >But that would mean checking if the user has access, or if the user has access >through any of the groups it is connected to. If I remember correctly, if the user can see anything from the profile that protects the resource then he has

Re: HOW DO I VERIFY A USERID'S ACCESS TO A DATASET

2020-06-20 Thread Walt Farrell
On Sat, 13 Jun 2020 23:32:02 -0400, Bob Bridges wrote: >Gil, you mustn't think I plan to make it a habit but I think I'm going to >disagree with you on every point, here: > >o Well, maybe not on the first one: What's "TOCTTOU"? Time Of Check To Time Of Use. As you're making the check, a

Re: S0F9 and SOFD ABENDs and SVC dumps - oh my!

2020-05-06 Thread Walt Farrell
On Mon, 4 May 2020 16:29:48 -0400, Tony Harminc wrote: >On Mon, 4 May 2020 at 04:23, Barbara Nitz wrote: > >> Doesn't matter. With an IMS region, you cannot use cancel (z/OS: >> "non-cancelable, use force arm"). You cannot use force arm (z/OS: "cancel >> first, please"). And you cannot use

Re: Mainframe user ID length

2020-05-03 Thread Walt Farrell
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick wrote: >Is z/OS still limited in all cases to 8 upper case characters? I am curious >if a user that only has access to MQ might be able to have a longer and >ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS. It

Re: 64-bit application dump analysis [was: RE: Problems with ESTAEX invoked in AMODE 64 . . . ]

2020-03-29 Thread Walt Farrell
On Thu, 26 Mar 2020 13:10:18 -0500, Paul Gilmartin wrote: >On Thu, 26 Mar 2020 17:54:58 +, Seymour J Metz wrote: > >>ObSchiller IPCS is part of z/OS. All dangerous facilities of IPCS are >>controlled by SAF. If your management capriciously prohibits you from using >>it, the responsibility

Re: How many ways can one sentence be wrong dept

2020-01-13 Thread Walt Farrell
On Sun, 12 Jan 2020 09:27:52 +, Jeremy Nicoll wrote: >On Sun, 12 Jan 2020, at 04:24, Phil Smith III wrote: >> From a book: >> >> "... located a Trojan virus during a routine mainframe defrag." > >I dunno about the first bit, but "routine mainframe defrag" is fine. >DFDSS has a DEFRAG verb.

Re: AUTHPGM in IKJTSOxx

2019-12-04 Thread Walt Farrell
On Wed, 4 Dec 2019 01:28:39 +, Lennie Dymoke-Bradshaw wrote: >Jesse / Skip, > >This is actually defined as being a requirement in "DFSMS Access Method >Services Commands" SC23-6846-30. See Page 6, or just search for AUTHCMD and >you will quickly find it. It states the following, > >"To

Re: AUTHPGM in IKJTSOxx

2019-11-20 Thread Walt Farrell
On Mon, 18 Nov 2019 20:03:59 +, Seymour J Metz wrote: >What do you mean by "the initial program"? The TMP doesn't need to be in any >list. > >There are a few caveats on authorization. > > Whether the entire linklist is authorized depends on what you have in > PARMLIB. > > Anything in

Re: AUTHPGM in IKJTSOxx

2019-11-18 Thread Walt Farrell
On Mon, 18 Nov 2019 10:54:06 -0500, scott Ford wrote: >So guys, stupid question what about a STC that provisions for RACF, etc. >But the design is as a normal generalized user, but with a id >with SPECIAL that is invoked only during the time of passing the command to >RACF ? Does it have to be

Re: AUTHPGM in IKJTSOxx

2019-11-17 Thread Walt Farrell
On Sun, 17 Nov 2019 19:10:16 -0600, Paul Gilmartin wrote: >On Sun, 17 Nov 2019 15:50:53 -0600, Walt Farrell wrote: > >>On Sun, 17 Nov 2019 00:33:29 +, Leonardo Vaz wrote: >>> >>>But wouldn’t that program be system integrity even if not placed on AUTHPGM? >

Re: AUTHPGM in IKJTSOxx

2019-11-17 Thread Walt Farrell
On Sun, 17 Nov 2019 00:33:29 +, Leonardo Vaz wrote: > >But wouldn’t that program be system integrity even if not placed on AUTHPGM? >The user could execute it batch first example and >change his ACEE or anything else. No, that wouldn't be a problem, because if the user wrote his own

Re: AUTHPGM in IKJTSOxx

2019-11-16 Thread Walt Farrell
On Sat, 16 Nov 2019 15:30:01 +, Leonardo Vaz wrote: >I am curious now, does a custom homegrown program have to take extra >precautions to be placed under AUTHPGM? What would those be? > Usually, no. Sometimes, depending on what the program does, yes. For example, consider a program which

Re: SVC dump data set layout

2019-10-26 Thread Walt Farrell
On Fri, 25 Oct 2019 09:30:27 -0500, Steve Horein wrote: >However, with the name, I can leverage some tools to open and read the data >set to get pertinent info. For example, this NetView PIPE recipe can get >what appears to be the TITLE and JOBNAME from the first record at columns >89 and 1151:

Re: Submitting batch if you don't have TSO

2019-09-15 Thread Walt Farrell
On Wed, 11 Sep 2019 12:15:11 -0500, Paul Gilmartin wrote: >As I follow this thread, I wonder why CICS doesn't submit batch jobs >with the credentials of the requesting individual rather than the CICS >region. Some of the IBM CICS designers over the years have wanted to allow that. The IBM z/OS

Re: Email validation (was Re: Mainframe Report meets abrupt end | Computerworld Shark Tank)

2019-04-24 Thread Walt Farrell
On Wed, 24 Apr 2019 12:10:59 -0500, John McKown wrote: >> >> >> Why are passwords restricted to a maximum length of 8, and passphrases >> restricted to a minimum length of 9? >> > >Passwords are restricted to a max of 8 for historical reasons. They were >once kept in SYS1.UADS -- the TSO

Re: How to grant access to CONSPROF

2019-03-19 Thread Walt Farrell
On Wed, 13 Mar 2019 11:39:30 -0700, Lizette Koehler wrote: >Dear List - > >I am trying to run a batch REXX that issues CONSPROF or CONSOLE commands. > >I have set up everything in IKJTSO00 for CONSOLE, I have updated the RACF >TSOAUTH for the ID issuing the commands > >The process will VARY

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-08 Thread Walt Farrell
On Thu, 7 Mar 2019 19:33:31 +, Seymour J Metz wrote: >My understanding is that he needs ISPF services in his application. Then he is probably not going to be able to get it to run, safely and with integrity, under TSO/E. It will need a multi-address space implementation unless he's very

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-08 Thread Walt Farrell
On Thu, 7 Mar 2019 15:45:14 +0200, Steff Gladstone wrote: >But if I TSOEXEC CALL the Cobol I/O routine, will it retain the context >between calls? Won't the DCBs and ACBs and working storage be reinitialized >on every call? You need to TSOEXEC CALL the main COBOL program. It must run isolated,

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-06 Thread Walt Farrell
On Wed, 6 Mar 2019 17:26:56 +, Seymour J Metz wrote: >ATTACH by an unprivileged application cannot change the authority and >privileges of the address space. TSOEXEC passes the request to the Terminal >Monitor >Program (TMP), which sets the unauthorized tasks nondispatchable before

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-06 Thread Walt Farrell
On Wed, 6 Mar 2019 19:29:05 +0200, Steff Gladstone wrote: >One further question: > >Would use of IKJEFTSI/IKJEFTSR/IKJEFTST work here? I.e., provide an >isolated environment for RACF while maintaining continuity within the I/O >routine without re-initializing its working storage on each

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-06 Thread Walt Farrell
On Wed, 6 Mar 2019 19:01:25 +0200, Steff Gladstone wrote: > >This works ok for privileged users (i.e., the subtasking and I/O logic >works fine, the COBOL I/O routine is not reinitialized on each call, and of >course there are no RACF issues). But for non-privileged users RACF issues >the

Re: RACF: Limiting update-authorization of a file to a particular application

2019-03-06 Thread Walt Farrell
On Wed, 6 Mar 2019 19:01:25 +0200, Steff Gladstone wrote: > >The COBOL I/O routine is called by a fairly complex TSO/ISPF application. >So we decided to communicate to the I/O routine via a subtask in order to >simplify the environment (as per Walt Farrell's claim that a new TCB >creates a

Re: How many asterisks to change a lightbulb?

2019-03-04 Thread Walt Farrell
On Mon, 4 Mar 2019 16:53:24 +, Jesse 1 Robinson wrote: >On two different RACF plexes, we have these two profiles in the SDSF class: > >ISFCMD.ODSP.* (G) >ISFCMD.ODSP.** (G) > >I'm confounded to explain the difference between one or two asterisks. Help? The two differences: (1)

Re: RACF: Limiting update-authorization of a file to a particular application

2019-02-21 Thread Walt Farrell
On Thu, 21 Feb 2019 15:22:33 +, Seymour J Metz wrote: >AFAIK it won't reset the dirty bit. It does isolate AC(0) from AC(1). Yes, it will, for that isolated parallel environment. -- Walt

Re: RACF: Limiting update-authorization of a file to a particular application

2019-02-21 Thread Walt Farrell
On Wed, 20 Feb 2019 15:51:23 +0200, Steff Gladstone wrote: >Do I understand correctly that TSOEXEC CALL creates a new subtask >environment which is "insulated" from the goings-on in the mother task? Yes. The parallel environment established by TSO/E via TSOEXEC would be clean, even if the

Re: RACF: Limiting update-authorization of a file to a particular application

2019-02-18 Thread Walt Farrell
On Sun, 17 Feb 2019 18:05:59 +0200, Steff Gladstone wrote: >Ok. We have been playing around with program control.If PROG1 (a COBOL >program incidentally) is to be allowed exclusively to update file MY.FILE, >then we: > >1. introduced PROG1 into the list of programs in AUTHPGM in member

Re: What is the bit that causes the bypassing of dataset ENQ

2019-02-15 Thread Walt Farrell
On Mon, 11 Feb 2019 09:06:21 -0800, Charles Mills wrote: >I did not recall the exact operation of the bit flag. If I'd recalled that it >was an SVC 99 flag rather than some sort of global flag I might well have >found it myself. > >Why criticize people for asking a question? If they knew the

Re: What is the bit that causes the bypassing of dataset ENQ

2019-02-10 Thread Walt Farrell
On Sun, 10 Feb 2019 14:08:15 -0800, Charles Mills wrote: >A kind soul offline points out S99NORES. > >(No wonder I couldn't find it in the TCB.) It also would have helped if you'd said you were interested in -dynamic- data set allocation, rather than simply data set allocation. It changes the

Re: REXX syscalls and the dirty bit

2019-01-24 Thread Walt Farrell
On Thu, 24 Jan 2019 15:25:45 +, Steve Austin wrote: >Hi, I'm using the 'shmat' syscall to attach a shared memory object, but using >the REXX storage function to alter it causes the dirty bit to be set. Any idea >why this is or how to prevent it? As Ed said, because you're loading

Re: Code vulnerability

2018-12-08 Thread Walt Farrell
On Sat, 8 Dec 2018 21:09:42 +0200, Binyamin Dissen wrote: >I don't believe this tool would be appropriate for the OP as it detects system >objects (for the lack of a better term) that allow inappropriate privilege >elevation or storage access. Application code would not benefit from this >tool.

Re: Recommended method for accessing secondary access spaces

2018-11-11 Thread Walt Farrell
On Sun, 11 Nov 2018 09:39:31 -0500, Joseph Reichman wrote: >on second there maybe another way of getting the >information besides going into XMEM > There is another way, already mentioned in this thread: do all your "cross-memory" data gathering by scheduling SRBs into the other address

Re: Profiles specific to user

2018-11-03 Thread Walt Farrell
On Sat, 3 Nov 2018 15:00:01 -0500, Mike Cairns wrote: >Unfortunately the SEARCH command only applies to the user executing the >command. Returning the profiles that *you*, the executing user, have access >to. I think what Vignesh is asking for is a list of the profiles for a given >user

Re: ASCB scan and user-id...

2018-09-16 Thread Walt Farrell
On Sun, 16 Sep 2018 17:06:53 +0300, ITschak Mugzach wrote: >I do understand it, but it is interesting that same blocks in different >address spaces maps to same address spaces. It is clear why, it is always >the same order of build, but still interesting. Unless it's changed in the past few

Re: Spectre/Meltdown APAR - OA54807

2018-09-13 Thread Walt Farrell
On Thu, 13 Sep 2018 09:21:39 -0700, Charles Mills wrote: >I do think IBM needs to somehow better accommodate ISVs. My understanding is >that "you have to own a real mainframe" to get access to the security >portal. Thus ISVs who own only zPDTs or who rent time at Dallas do not >qualify. I

Re: General RACF question for Walt

2018-08-06 Thread Walt Farrell
On Mon, 6 Aug 2018 11:13:49 +, Blake, Daniel J [CTR] wrote: >Years ago I was called to assist two different customers who both screwed up >the only Special userid. In both cases I was able to switch to the IBM >supplied RACF data bases that came with a ServerPac. Logged in with IBMUSER,

Re: RACF Special User Revoked System

2018-08-04 Thread Walt Farrell
On Sat, 4 Aug 2018 19:41:03 +0300, saurabh khandelwal wrote: >Thanks for reply. > >Special user is getting below message > >IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF > >and any other TSO user getting > >IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access

Re: Security bypass on key 0 / sup state VSAM OPEN was Re: A curiosity Question

2018-07-30 Thread Walt Farrell
On Sat, 28 Jul 2018 12:00:51 -0300, Clark Morris wrote: >[Default] On 27 Jul 2018 17:41:11 -0700, in bit.listserv.ibm-main >rob.schr...@gmail.com (Rob Schramm) wrote: > >>I am not sure.. They out those extended checks with smf 82's.. and put some >>use parameters in the asymuse. >> >>I don't

Re: A curiosity Question

2018-07-27 Thread Walt Farrell
On Fri, 27 Jul 2018 16:19:31 -0400, Rob Schramm wrote: >You would think that.. but what about the pervasive encryption? Wouldn't >ICSF with CHECKAUTH makes sure the key 0 user was authorized for the crypt >key and possibly checked for use for the data set? No, I would not expect ICSF to be

Re: A curiosity Question

2018-07-27 Thread Walt Farrell
On Thu, 26 Jul 2018 22:05:08 -0400, Rob Schramm wrote: >How does that interact with ICSF CHECKAUTH that forces security checks for >authorized address spaces? There is no interaction, because you're mixing up different kinds of checks. We've been talking about OPENing VSAM clusters, but you've

Re: A curiosity Question

2018-07-27 Thread Walt Farrell
On Thu, 26 Jul 2018 20:56:07 -0500, Paul Gilmartin wrote: >On Thu, 26 Jul 2018 22:13:01 -0300, Clark Morris wrote: > ... >>Why would they exclude only VSAM from checking? Is it because of Page >>Datasets or some other reason? Are there other ways of bypassing or >>ignoring checking for

Re: A curiosity Question

2018-07-26 Thread Walt Farrell
On Thu, 26 Jul 2018 09:54:48 -0500, Tom Marchant wrote: >On Thu, 26 Jul 2018 07:50:04 -0500, Walt Farrell wrote: > >>On Tue, 24 Jul 2018 15:08:51 +, Seymour J Metz wrote: >> >>>Neither APF authorization nor supervisor state suspend normal SAF processing >

Re: A curiosity Question

2018-07-26 Thread Walt Farrell
On Tue, 24 Jul 2018 15:08:51 +, Seymour J Metz wrote: >Neither APF authorization nor supervisor state suspend normal SAF processing >for, e.g., OPEN. If you know of a privileged application >that bypasses >normal resource controls and does not require SAF authorization before doing >so,

Re: TSO TEST breakpoint subcommand call either looping or not being executed

2018-07-09 Thread Walt Farrell
On Mon, 9 Jul 2018 08:29:09 -0400, Joseph Reichman wrote: >I have gotten the following code to work (with the help of Binyamin) as I will >list below but the problem is it is only being executed once and I am looping >thru a number of records >Seems like when I get to DUMBRK OFF +4; GO +4 it

Re: Running TSO TEST in Background

2018-07-06 Thread Walt Farrell
On Fri, 6 Jul 2018 13:38:45 -0400, Joseph Reichman wrote: >Would any one know if you can run TSO TEST as a background Job on either >IKJEFTSOEV or IKJEFT01 I would expect it to work under IKJEFT01 (and I vaguely recall doing that in the distant past), but probably it would not work in an

Re: Linklist and APF

2018-07-05 Thread Walt Farrell
On Thu, 5 Jul 2018 17:18:24 +0200, R.S. wrote: >I have job with the following steplib: > >//STEPLIB DD DISP=SHR,DSN=HLQ.LNKLST.LIB1 >// DD DISP=SHR,DSN=HLQ.LNKLST.LIB2 >// DD DISP=SHR,DSN=HLQ.NONLNK.LIB3 > >LIB1, and LIB2 reside in LNKLST, but not on APF. >LIB3 is not on LNKLST, but is

Re: Eternal WAIT on un-waited ECB

2018-06-25 Thread Walt Farrell
On Mon, 25 Jun 2018 11:22:51 -0700, Charles Mills wrote: >Well, it's not a "problem" (FSVO "problem") but in an example that is >supposed to show the fast way of doing things, one might avoid slower >instructions, such as storage literal references, when alternatives like >TMLH and LLILF are now

Re: Is TCBSENV propagated to child TCB by ATTACHX

2018-06-25 Thread Walt Farrell
On Fri, 22 Jun 2018 09:43:15 -0500, John McKown wrote: >This is strictly a curiosity question. Suppose for some unspecified & >irrelevant to this discussion that my code is running under a TCB which has >a non-zero TCBSENV value. If my code were to do an ATTACHX to create a >subtask, would the

Re: 2 possible RFE --- ISPF & SDSF.

2018-06-22 Thread Walt Farrell
On Fri, 22 Jun 2018 15:02:35 -0400, Steve Smith wrote: >I'll grant you have a point... but I thought the national characters were >defined as x'5B', x'7B', and x'7C', regardless of how displayed. > Correct. The hex value is the important part. Depending on your codepage and/or keyboard it may

Re: RACF protection of a volume

2018-06-04 Thread Walt Farrell
On Mon, 4 Jun 2018 17:27:25 -0500, Todd Burrell wrote: >Hopefully this is not a stupid question - but is it possibly via RACF (maybe >with DASDVOL) to allow a particular system to have only read access to a DASD >volume? We have a need to possibly vary some devices onto a system in one >plex

Re: UserKEY CSA/Dataspace scope=common Remdiation

2018-05-15 Thread Walt Farrell
On Tue, 15 May 2018 16:53:33 +, Jousma, David wrote: >Ok, quick eye-ball verification from the guru's that are better ASM programmer >than I... > >SMF30 RAXFLAGS is kicking out the a module for which I selectively pulled out >the DSPSERV code for allocating USERKEY

Re: GETMAIN LOC=32

2018-05-15 Thread Walt Farrell
On Tue, 15 May 2018 12:10:46 -0500, Paul Edwards wrote: >On Tue, 15 May 2018 11:57:55 -0500, Tom Marchant >wrote: > >>>There are multiple ways of guaranteeing 0. The >>>best is IBM guaranteeing it on entry to a program, >>>as another RFE. In the

Re: GETMAIN LOC=32

2018-05-07 Thread Walt Farrell
On Mon, 7 May 2018 09:00:37 -0500, Paul Edwards wrote: >I just want z/OS to match MVS/380, >and there is nothing technically preventing >that from happening. Nothing, except all the z/OS changes that you haven't considered, and all the application changes they might imply

Re: AC(1)

2018-04-30 Thread Walt Farrell
On Mon, 30 Apr 2018 16:54:22 -0700, Charles Mills wrote: >Do you want to query AC(1) specifically or whether you are running >authorized, which requires AC(1) plus an all-APF-authorized STEPLIB >concatenation? No, running authorized does not (necessarily) require AC(1).
