On Thu, 14 Jul 2011 14:22:46 -0500, Mark Zelden wrote: >On Thu, 14 Jul 2011 14:37:29 -0400, Mark Jacobs <mark.jac...@custserv.com> >wrote: > >>I asked IBM specifically whether the then new SAF profiles were used >>while using the query functions in the SMP/E ISPF interface and their >>answer was no. > >(I hate mixing top posting and bottom posting, so I snipped the prior >context ... sorry. Also changed the subject). > I whitewash with the (implied) phrase, "comments inline". Thanks for changing the subject.
>If that is true, it sounds inconsistent with what the enhancement is >doing (unless things like LIST and REPORT aren't protected). So >you protect the LIST command, but don't specifically protect the >ISPF libraries because the HLQs are SYS1 and everyone has read >access to SYS1. Then someone can just execute the ISPF interface >and do the equivalent of LIST. > You're both right. In: SMP/E for z/OS User's Guide Document Number SA22-7773-15 I read: 3.1 Authorizing use of SMP/E commands and services The System Authorization Facility (SAF) restricts the use of certain SMP/E functions to users who have appropriate access to the SAF resources that protect those functions. The functions being controlled are all the SMP/E commands processed by program GIMSMP (for example, SET, RECEIVE, APPLY, ACCEPT, UCLIN, LIST, REPORT, and so on), the GIMZIP and GIMUNZIP service routines, and the GIMIAP copy utility invocation program. ... However, of all the functions described above, several need to be controlled very carefully. Users who are granted access to these resources have the potential to undermine system security regardless of any data set protections you may have in place. Therefore, they should be as trusted, for example, as users who have authority to update APF authorized libraries. These functions, and the corresponding SAF FACILITY class resources that SMP/E checks, are as follows: Table 2. Function and resource name that SMP/E checks Function Resource name RECEIVE command GIM.CMD.RECEIVE APPLY command GIM.CMD.APPLY ACCEPT command GIM.CMD.ACCEPT RESTORE command GIM.CMD.RESTORE REJECT command GIM.CMD.REJECT LINK command GIM.CMD.LINK CLEANUP command GIM.CMD.CLEANUP Program GIMZIP GIM.PGM.GIMZIP Program GIMUNZIP GIM.PGM.GIMUNZIP Program GIMIAP GIM.PGM.GIMIAP So, apparently, while LIST and REPORT are not in the list of functions having the "potential to undermine system security regardless ...", there are nonetheless SAF resources restricting access to them (smokescreen). Which brings to mind another question: I have experimentally built and tested simple GIMZIP-style archives outside SMP/E, using conventional utilities not SAF-controlled, such as IEBCOPY, IEBGENER, SHA-1, ... By doing this and eschewing GIMZIP do I gain security by eliminating the possibility that I might inadvertently activate the ineffable security threat? Or, since I am performing functions equivalent to GIMZIP's, do I incur an equivalent risk? With great curiosity, gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html