On Thu, 14 Jul 2011 14:22:46 -0500, Mark Zelden wrote:
>On Thu, 14 Jul 2011 14:37:29 -0400, Mark Jacobs <mark.jac...@custserv.com>
>wrote:
>
>>I asked IBM specifically whether the then new SAF profiles were used
>>while using the query functions in the SMP/E ISPF interface and their
>>answer was no.
>
>(I hate mixing top posting and bottom posting, so I snipped the prior
>context ... sorry. Also changed the subject).
>
I whitewash with the (implied) phrase, "comments inline". Thanks for
changing the subject.
>If that is true, it sounds inconsistent with what the enhancement is
>doing (unless things like LIST and REPORT aren't protected). So
>you protect the LIST command, but don't specifically protect the
>ISPF libraries because the HLQs are SYS1 and everyone has read
>access to SYS1. Then someone can just execute the ISPF interface
>and do the equivalent of LIST.
>
You're both right. In:
SMP/E for z/OS
User's Guide
Document Number SA22-7773-15
I read:
3.1 Authorizing use of SMP/E commands and services
The System Authorization Facility (SAF) restricts the use of
certain SMP/E functions to users who have appropriate access to
the SAF resources that protect those functions. The functions
being controlled are all the SMP/E commands processed by program
GIMSMP (for example, SET, RECEIVE, APPLY, ACCEPT, UCLIN, LIST,
REPORT, and so on), the GIMZIP and GIMUNZIP service routines,
and the GIMIAP copy utility invocation program.
...
However, of all the functions described above, several need to be
controlled very carefully. Users who are granted access to these
resources have the potential to undermine system security regardless
of any data set protections you may have in place. Therefore, they
should be as trusted, for example, as users who have authority to
update APF authorized libraries. These functions, and the
corresponding SAF FACILITY class resources that SMP/E checks,
are as follows:
Table 2. Function and resource name
that SMP/E checks
Function Resource name
RECEIVE command GIM.CMD.RECEIVE
APPLY command GIM.CMD.APPLY
ACCEPT command GIM.CMD.ACCEPT
RESTORE command GIM.CMD.RESTORE
REJECT command GIM.CMD.REJECT
LINK command GIM.CMD.LINK
CLEANUP command GIM.CMD.CLEANUP
Program GIMZIP GIM.PGM.GIMZIP
Program GIMUNZIP GIM.PGM.GIMUNZIP
Program GIMIAP GIM.PGM.GIMIAP
So, apparently, while LIST and REPORT are not in the list
of functions having the "potential to undermine system
security regardless ...", there are nonetheless SAF resources
restricting access to them (smokescreen).
Which brings to mind another question: I have experimentally
built and tested simple GIMZIP-style archives outside SMP/E,
using conventional utilities not SAF-controlled, such as
IEBCOPY, IEBGENER, SHA-1, ... By doing this and eschewing
GIMZIP do I gain security by eliminating the possibility that
I might inadvertently activate the ineffable security threat?
Or, since I am performing functions equivalent to GIMZIP's,
do I incur an equivalent risk?
With great curiosity,
gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
