SRBs can, I believe, schedule an IRB. An IRB can issue an SVC. SRBs typical run in supervisor state and can do things like peek into other address spaces and potentially view confidential data. Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Rick Fochtman <[email protected]> Sender: IBM Mainframe Discussion List <[email protected]> Date: Sun, 27 Mar 2011 11:47:41 To: <[email protected]> Reply-To: IBM Mainframe Discussion List <[email protected]> Subject: Re: zIIPs and zAAPs ----------------------------------------<snip>--------------------------------------- So (once again) the tech support bods (vendor and customer) are dancing >>>>around on egg-shells trying to accommodate policy decisions made by >>>>sales/marketing/legal droids. >>>> >>>> >>>I consider the zIIP zAP thing something that may compromise security >>>and which causes effort to be made just to save money. The effect may >>>be to have people look at platform movement if they are going to have >>>to rewrite/replace software to save money anyway. >>> >>> >>Compromise security? How? >> >> > >My incomplete and possibly erroneous interpretations of past postings >here led me to believe that zIIP and zAP work had to run in SRB mode >and I also recall someone else claiming this was a security exposure. >Despite having been an MVS (but not OS390 or zOS) systems programmer, >my understanding of these issues is incomplete. On the other hand, as >a person who worked for customers, I hate my employers being charged >more to run that portion of my work that it costs less for IBM and >ISVs to support. > >Clark Morris > > ------------------------------------<unsnip>------------------------------------ IIRC, it's not legal, or possible, to executean SVC in SRB mode. So you can't OPEN or CLOSE a dataset, nor can you do I/O. So I fail to understand how much of a "security risk" can exist here. Rick ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
