On 2015-10-26 18:41, Farley, Peter x23353 wrote:
> Again, I don't see any "ways that compromise security/integrity" here, from an
> application programmer's point of view, but maybe I just don't think like a black hat.
>
> "Validly use" is too strong, I think. As I said in my earlier response to Chris C., the
> usual application programs only need to deal with addresses in their one and only address space,
> and if written to avoid abends may want to know that an address is valid in the address space and
> whether it can be read from or written into. State changes of the types discussed so far are
> usually unlikely in such applications, so why isn’t this usage "valid"?
>
> I accept that my POV here may be far too narrow to see the forest for the trees.
>
> Peter

In an address space with multiple tasks (which is certainly not uncommon
these days), it is always possible for task A to release storage that
task B wants to use. If the storage is freed between your TPROT check
and your actual storage access, then you could abend. If the storage is
freed and then the same virtual storage address is obtained for
something different before you get around to using it, then the results
are unpredictable.

TPROT does not actually tell you whether the input storage address is
GETMAIN-allocated. It just tells you that some storage in the page
containing the address is GETMAIN-allocated. And on a z13 with OA46291
applied, you should not count on even that being true.

--
Regards, Gord Tomlin
Action Software International
(a division of Mazda Computer Corporation)
Tel: (905) 470-7113, Fax: (905) 470-6507
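
The two points made in the reply above (a check that is stale by the time the storage is used, and a check that only speaks for the page, not the address), as an added toy model in Python. It is not code from this thread and does not call TPROT or any z/OS service; the class, the method names `getmain`, `freemain` and `page_probe`, the page size and the addresses are all constructed for illustration.

```python
PAGE = 4096  # page size assumed for this toy model

class ToyStorage:
    """Toy model (not z/OS code): allocation is per byte range, the probe is per page."""

    def __init__(self):
        self.blocks = {}  # start address -> (length, owner label)

    def getmain(self, addr, length, owner):   # hypothetical name, models an allocation
        self.blocks[addr] = (length, owner)

    def freemain(self, addr):                 # hypothetical name, models a release
        del self.blocks[addr]

    def page_probe(self, addr):
        """Page-granular check: True if ANY allocated block touches addr's page."""
        page = addr // PAGE
        return any(start // PAGE <= page <= (start + length - 1) // PAGE
                   for start, (length, _) in self.blocks.items())

    def owner_of(self, addr):
        """Ground truth the probe cannot report: the block covering addr, if any."""
        for start, (length, owner) in self.blocks.items():
            if start <= addr < start + length:
                return owner
        return None

def run_scenarios():
    s = ToyStorage()
    target = 0x10000                           # constructed addresses
    s.getmain(target, 256, "task B buffer")
    s.getmain(0x10800, 64, "unrelated block")  # lives in the same page as target
    out = {}
    # 1. An unallocated gap in the page still passes the page-level probe.
    out["gap_probe"] = s.page_probe(0x10400)
    out["gap_owner"] = s.owner_of(0x10400)
    # 2. Task B checks, then task A frees before task B touches the storage.
    out["checked_ok"] = s.page_probe(target)
    s.freemain(target)
    out["owner_after_free"] = s.owner_of(target)
    out["probe_after_free"] = s.page_probe(target)  # re-probing would not notice
    # 3. The same address is handed out again for something else.
    s.getmain(target, 128, "task A control block")
    out["owner_after_reuse"] = s.owner_of(target)
    return out

if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

In the model, the only answer that stays reliable is `owner_of`, which stands for state held under serialization by whoever owns the storage; the probe result says nothing about the address once another task can run.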