On Sat, 16 Oct 2010 19:24:36 -0500 John McKown <[email protected]> wrote:
:>OK, I promise to stop replying from my Android phone. With the small
:>text, I missed the word "fetch" and only saw "protected".

:>The only reason that I can think of would be if the UTOKEN, if readable,
:>might be used to impersonate some other user. That is, perhaps this
:>UTOKEN is for the RACF id of the person/console which issued the
:>command, and not for the RACF id of the running address space. I tried
:>to read the RACF books on what the UTOKEN is used for, but was totally
:>out of my depth!

There is no problem with forging a UTOKEN. The token format is documented. The
only problem would be if RACF (or any other security product) accepted a
UTOKEN as genuine from an unauthorized caller.

:>On Sat, 2010-10-16 at 18:58 -0500, John McKown wrote:

:>> A silly question, but why would you want to write on that storage?

:>> On Oct 16, 2010 6:10 PM, "Binyamin Dissen" <[email protected]>
:>> wrote:

:>> Why on earth is the UTOKEN pointed to by CIBXUTOK in fetch protected
:>> storage?

:>> After all, the MODIFY interface is supported for non-privileged callers.

--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

