On Sun, 30 Jul 2006 23:47:00 +0000 "Jeffrey D. Smith" <[EMAIL PROTECTED]> wrote:
:>From: "Binyamin Dissen" <[EMAIL PROTECTED]> :>Sent: 7/30/2006 10:13 AM :>To: "IBM-MAIN@BAMA.UA.EDU" <IBM-MAIN@BAMA.UA.EDU> :>Subject: Re: APF Authorized Code/Libraries. :>On Sun, 30 Jul 2006 09:08:00 -0300 "Shmuel Metz (Seymour J.)" :><[EMAIL PROTECTED]> wrote: :>:>In <[EMAIL PROTECTED]>, on :>:>07/28/2006 :>:> at 05:16 PM, Wayne Driscoll <[EMAIL PROTECTED]> said: :>:>>While that is true, since non-reentrent code loaded out of an APF :>:>>authorized library is loaded into KEY 8 storage, there is an :>:>>integrity exposure if said code is loaded into a multi-user address :>:>>space, since it is open to being modified (by accident or by intent) :>:>>by a non-authorized program. :>:>Authorization is at the address space level. Normally it's impossible :>:>for authorized and unauthorized programs to run concurrently in the :>:>same address space. If your authorized code circumvents the normal :>:>safeguards then you have more serious issues than what key the code is :>:>loaded under. :>Actually authorization is at the jobstep task level. :>Some TSO commands can be attached authorized. TSO starts a parallel TMP as a jobstep task, and runs the command under it. -- Binyamin Dissen <[EMAIL PROTECTED]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html