On 3/28/2011 9:17 AM, Shmuel Metz (Seymour J.) wrote:
> In <[email protected]>, on 03/28/2011
> at 04:42 PM, Binyamin Dissen <[email protected]> said:
>> The security issue is allowing application programmers to write SRB
>> code (which implies the ability to update APF datasets).
> I was under the impression that the applications being discussed were
> already AC(1). Modifying an AC(1) application to schedule an SRB
> introduces an additional level of risk.

The biggest obstacle for privileged programs is that SRB mode is more
restrictive than task mode. Not all services are allowed in SRB mode; many
functions require a TCB. Error recovery for an SRB is nowhere near as flexible
as for TCB. Also, debugging is not as easy for SRB as for TCB. There is not even
a control block equivalent of the TCB where the operating system keeps
information about an SRB while it's running!
In light of these restrictions, I suppose one could argue that more difficult
programming means less stable programs. Otherwise, there is little difference in
'security' or 'integrity' between the two modes.
Granted, an SRB is an additional unit of work. But, those familiar with
programming multiple TCBs should already be familiar with the necessary concepts.
--
Edward E Jaffe
Phoenix Software International, Inc
831 Parkview Drive North
El Segundo, CA 90245
310-338-0400 x318
[email protected]
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html