On 4/20/2010 6:11 PM, john gilmore wrote:
Your riposte, if that's what it is, comes down to the
assertion that you know how to make an unauthorized library
into an authorized one dynamically, at which point an
authorized task or jobstep can load something from it.
I know how to do this, and I am happy to stipulate that you
do too. My point that an authorized step cannot load
something from an unauthorized library stands.
http://publib.boulder.ibm.com/infocenter/zos/basics/index.jsp?topic=/com.ibm.zos.zsecurity/zsecc_060.htm
(sorry about the wrap)
"Authorized libraries are defined in an APF list, or in the link
pack area. Any module in the link pack area (pageable LPA,
modified LPA, fixed LPA, or dynamic LPA) will be treated by the
system as though it came from an APF-authorized library."
IBM defines an "authorized" library as one that is specified in
the system's static or dynamic APF table (the others are not
relevant to this argument). Authorizing the DEB does not
authorize the library, Q.E.D.
Gerhard Postpischil
Bradford, VT
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
