Some of the integrity examples have been tripping a bit over trying to 
define system integrity in terms of the behavior of authorized programs, 
when the statement is in terms of what an unauthorized program must not be 
allowed to do.

For the PC FLIH intercept case, the requirement is that a malicious user 
must not be able to take advantage of this mechanism in order to get their 
own code running authorized.

For the fetch-protection case, the requirement is that a malicious user 
must not be able to trick a service into copying arbitrary fetch protected 
system key storage into non-fetch protected storage viewable by the 
unauthorized caller.

The authorized code must be written to prevent such exposures.

Peter Relson
z/OS Core Technology Design

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
