> Call an SVC that flips the JSCBAUTH bit back on. This is non-standard. If
> it is to be implemented even on a development system then added security
> needs to be built in to make sure it isn't misused.
Do NOT go there.
It will bite you in the a** - maybe not today - but someday.
Your real options depend on whether you have a server address space or not :
(a) You have a server address space
Use PC-ss to execute auth function or to request server collect data on
your behalf.
(b) You do not have a server address space
Use IKJEFTSR
(daylight)
Use SVC
Rob Scott
Rocket Software, Inc
275 Grove Street
Newton, MA 02466
617-614-2305
[EMAIL PROTECTED]
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of
Lindy Mayfield
Sent: 15 April 2008 17:19
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Authorized Rexx Assembler Function
For completeness, since I started this whole, ah, thing, I'm curious what they
are. Here are the techniques I've learned so far, including the one that
violates system integrity:
__ The standard acceptable method is to call TSO/E Service Facility, IKJEFTSR
and pass it the name of an authorized module.
__ Call an SVC that flips the JSCBAUTH bit back on. This is non-standard. If
it is to be implemented even on a development system then added security needs
to be built in to make sure it isn't misused.
__ Simply put all the authorized stuff into an SVC or PC routine.
That's all I've collected so far. Are there more ways?
Lindy
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of
Wayne Driscoll
Sent: 15. huhtikuuta 2008 17:49
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Authorized Rexx Assembler Function
Just to expand on Walt's statement "There are only a handful of ways of getting
a program to start running authorized, even if the module comes from an
APF-authorized library"
append "that don't violate system integrity." Sure, there are numerous ways to
make this work, but most of them have the side-effect that they leave the
system in a compromised state. In a small development system this loss of
integrity may be acceptable, but for production, or even larger development or
test systems, this would not be.
Wayne Driscoll
Product Developer
NOTE: All opinions are strictly my own.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at
http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
