On Thu, 8 Apr 2010 15:17:03 +0200, R.S. wrote: >> >> ... No unauthorized >> program, regardless of the provenance of the code (IBM, customer, >> ISV, or any mixture) should pose a threat to system integrity. >> (Isn't that IBM's policy position?) > >Do we know that the APAR is related to APF authorization of GIMSMP? >Why do we consider IEBCOPY? Is IEBCOPY engaged in any way in the APAR? >Do we know that? > All irrelevant (see last paragraph below). But, empirically, I have run SMP/E unauthorized (inadvertently or experimentally) The problems I encountered concerned IEBCOPY and S99WTDSN. There might be others.
>BTW: I know that APF program cannot call other program out of APF >library. However in this case we consider the opposite scenario: Can >non-APF program call APF-one? If so, then GIMSPE may be unathorized >with no changes to IEBCOPY authorization. Is my assumption correct? > In that case, the otherwise authorized program executes unauthorized. My experience (see above) confirms this. >BTW2: I can imagine APAR classified as integrity for unauthorized >program and this does not break any integrity statement. Just matter of >"integrity" definition. > Essentially, we agree. My understanding of IBM's integrity statement (not verbatim) is that no unauthorized program can attain superviser state, key 0, or otherwise escalate its privileges. So, yes, if an unauthorized program does this, it's pretty automatically cause for an integrity APAR for an unauthorized program. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
