The use of virtual device address "123" for such a critical purpose
(access to the sysres) has always bothered me. It's just too easy for
something like what Stanley reports to happen: 123 doesn't "look
special". Also, various IBM and ISV products have been known to use MAINT
123 during product installation or even in production. I rather like the
idea of knowing what's using my sysres, and for what purpose.
So... one of the first things I do when installing a new VM release (even
before installing an External Security Manager) to edit the "USER DIRECT"
file and change MAINT 123 to MAINT EEE. I've never seen EEE used
anywhere else, and it sounds a bit like the sound one might emit after
accidentally formatting the sysres: EEEEEEEEeeeeeeeeeeeeeee!!! ("Arrrghhh"
might have been a better virtual address, but hex addressing only goes so
far).
Were I to chose a new address today, maybe it would provide a better
warning, such as D1E. But EEE does catch the eye pretty well.
Mike Walter
Hewitt Associates
The opinions expressed herein are mine alone, not my employer's.
"Stanley Rarick" <[EMAIL PROTECTED]>
Sent by: "VM/ESA and z/VM Discussions" <[email protected]>
10/23/2005 01:31 PM
Please respond to
"VM/ESA and z/VM Discussions" <[email protected]>
To
[email protected]
cc
Subject
Re: Horror Story. Was: DIRMAINT questions
Alan Altmark wrote:
<snip>
We've been looking at ways to get CP to protect itself better from
accidental destruction by the sysprog. I'll add this one to the list to
think about.
More than likely, CP won't be able to prevent the definition of such
minidisk overlays, but could refuse to instantiate them.
Alan Altmark
z/VM Development
IBM Endicott
I once saw a sysprog do a FORMAT 123 on MAINT (he thought he was in a
different virtual machine with a TDISK at 123). It was a first level
system hosting other systems for an outsourcer - the systems didn't stay
up long after the command was issued. The recovery was something I would
not chose to repeat. We closed that hole that by detaching 123, and
writing a front-end exec to DIRECTXA which linked to 123 before DIRECTXA
and detached it after.
Stan Rarick
The information contained in this e-mail and any accompanying documents may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if this
message has been addressed to you in error, please immediately alert the sender
by reply e-mail and then delete this message, including any attachments. Any
dissemination, distribution or other use of the contents of this message by
anyone other than the intended recipient is strictly prohibited.
