> Call an SVC that flips the JSCBAUTH bit back on. This is non-standard. If > it is to be implemented even on a development system then added security > needs to be built in to make sure it isn't misused.
Do NOT go there. It will bite you in the a** - maybe not today - but someday. Your real options depend on whether you have a server address space or not : (a) You have a server address space Use PC-ss to execute auth function or to request server collect data on your behalf. (b) You do not have a server address space Use IKJEFTSR (daylight) Use SVC Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Lindy Mayfield Sent: 15 April 2008 17:19 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Authorized Rexx Assembler Function For completeness, since I started this whole, ah, thing, I'm curious what they are. Here are the techniques I've learned so far, including the one that violates system integrity: __ The standard acceptable method is to call TSO/E Service Facility, IKJEFTSR and pass it the name of an authorized module. __ Call an SVC that flips the JSCBAUTH bit back on. This is non-standard. If it is to be implemented even on a development system then added security needs to be built in to make sure it isn't misused. __ Simply put all the authorized stuff into an SVC or PC routine. That's all I've collected so far. Are there more ways? Lindy -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Wayne Driscoll Sent: 15. huhtikuuta 2008 17:49 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Authorized Rexx Assembler Function Just to expand on Walt's statement "There are only a handful of ways of getting a program to start running authorized, even if the module comes from an APF-authorized library" append "that don't violate system integrity." Sure, there are numerous ways to make this work, but most of them have the side-effect that they leave the system in a compromised state. In a small development system this loss of integrity may be acceptable, but for production, or even larger development or test systems, this would not be. Wayne Driscoll Product Developer NOTE: All opinions are strictly my own. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html