-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Martin Kline Sent: Tuesday, December 15, 2009 9:40 AM To: [email protected] Subject: Could DSNAME length restriction be bypassed if catalog allowed longer ALIAS names?
I'm just throwing this idea on the table, and expect either little interest or strong opposition. What if catalog support allowed ALIAS names to exceed 44 characters? First, yes, I did search the archives. Second, Yes I understand the implications. The cost and impact of supporting long alias names (though still not small) would be considerably less than the cost of expanding actual data set names. I just came up with this before my second cup of coffee, so the idea is still cooking. <SNIPPAGE> Let me point out two possible security risks. Assume that the real file name is 44 characters long and that is the way it is held in the VTOC. Now, let's assume that you do not have permission to that file. BUT, you know that if you build a "long name" that uses your userid as the HLQ and prepend that to the DSN, you will cause SAF to be passed the LONG name, not the real name, and this will allow you, via volume specific allocation, to now read that data (or write to the file). Without a tape system, this is a back door into reading tape data that is not yours, if the tape label is 17 characters long. The only way out of this is to set a bit (probably in the model 1 DSCB) that shows that the 44 characters is the REAL name, not truncated, and have the security system do a VTOC look aside (for lack of a better name). Now, let us say that you want to cause a problem for the system. So you pick a data set that is 44 characters long. You prepend your userid, and under TSO you do an allocate with OLD. ENQUEUE SYSDSN will be for the 44 characters. You see where this is going? Just a few thoughts on this idea. Regards, Steve Thompson -- Opinions expressed by this poster may not reflect those of poster's employer -- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
