>I do not see it. Standard invocations (link/attach/xctl) will enforce
>a non-exposure environment.

As Walt Farrell mentioned, the risk is when someone does EXEC PGM=xx to
something that does not expect to get control that way.

It is not an integrity "problem" necessarily, but it is an integrity "risk".
You might have programmed so that IF that did happen, the program would
simply terminate without doing any harm. If so, there is no exposure.

This sort of situation arises "naturally" when you have a load module with
aliases and only want one of the aliases to be used via EXEC PGM=xxx and
you need it to be AC=1 in an APF-authorized library. AC=1 is applied to the
entry and all the aliases (there is no way that I know of to indicate "do
AC=1 only for this alias" for example).

Thus in this case, the entry that is to be EXEC PGM=xxx and needs AC=1
probably works fine. But you need to make sure that the other entries,
having been given AC=1 and also being in that APF-authorized library, "do
no harm" if invoked by EXEC PGM=xxx.

Some of the cases that are "handled" by the system (or left as an exercise
to the programmer) are:
1. AC=1 but not in an APF-authorized library (AC=1 is irrelevant in this
   case)
2. AC=1 in an APF-authorized library LOADed or LINKed to (et al) by a
   non-APF-authorized jobstep: AC=1 is irrelevant, as the jobstep is not
   authorized
3. AC=1 in an APF-authorized library LOADed or LINKed to by an
   APF-authorized jobstep. The program running is expected to know what it is
   doing.

Peter Relson
z/OS Core Technology Design
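
An added example, not part of the original message: a small model of the cases listed above that produces the list of entry names needing a "do no harm" review under EXEC PGM=. The library names, member names and the inventory layout are constructed for illustration; on a real system these attributes would come from the library directory and the APF list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoadModule:
    library: str         # data set that holds the load module
    primary: str         # primary member name
    aliases: tuple       # alias names of the same load module
    ac: int              # AC value; shared by the primary name and every alias
    intended: frozenset  # names the owner means to be run via EXEC PGM=

def exec_pgm_authorized(mod, apf_libraries):
    """EXEC PGM=<any name>: AC=1 counts only in an APF-authorized library (case 1)."""
    return mod.ac == 1 and mod.library in apf_libraries

def called_outcome(jobstep_authorized):
    """LOAD/LINK (et al) from a running jobstep: AC=1 on the target changes nothing."""
    if not jobstep_authorized:
        return "case 2: jobstep not authorized, AC=1 irrelevant"
    return "case 3: authorized jobstep, the running program is expected to know what it is doing"

def names_to_review(modules, apf_libraries):
    """Names that get authorized control via EXEC PGM= without being intended for it."""
    findings = []
    for mod in modules:
        if not exec_pgm_authorized(mod, apf_libraries):
            continue
        for name in (mod.primary, *mod.aliases):
            if name not in mod.intended:
                findings.append((mod.library, name))
    return findings

# Constructed sample inventory.
APF = {"EXAMPLE.AUTHLIB"}
MODULES = [
    LoadModule("EXAMPLE.AUTHLIB", "MAINUTIL", ("UTILSUB1", "UTILSUB2"), 1, frozenset({"MAINUTIL"})),
    LoadModule("EXAMPLE.USERLIB", "REPORTER", ("RPT",), 1, frozenset({"REPORTER"})),
    LoadModule("EXAMPLE.AUTHLIB", "PLAINPGM", ("PLAIN",), 0, frozenset({"PLAINPGM"})),
]

if __name__ == "__main__":
    for library, name in names_to_review(MODULES, APF):
        print(f"review for 'do no harm' under EXEC PGM=: {library}({name})")
```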
