Mark Zelden wrote:
While I applaud IBM for finally making this change and all the
vendors who are modifying their code for this (and Sam K. and others
for pushing the vendors), I really don't have a problem running with
ALLOWUSERKEYCSA(YES) on my systems at this point. The exposure
has been there forever and making it go away overnight (in relative
terms of time) just isn't a big concern for me.
I remember having to run JES2 jobclass definitions with SWA=BELOW for
many years after MVS/XA (some shops might still have a few classes
defined for SWA=BELOW). And getting to CSCBLOC=ABOVE took some
time also. I realize it is a different issue since ALLOWUSERKEYCSA
involves system integrity, I just am not going to lose any sleep over it
at this point. Talk to me again in a couple of years...
Identifying integrity exposures is a double-edged sword. Everyone agrees
that such exposures must be identified and fixed. But, the real-world
risk posed by any such exposure is proportional to the amount of
attention you draw to it.
Things will work fine "forever" so long as exposures are not recognized.
But, once people know about -- and might try to exploit -- an integrity
exposure, it becomes a high-priority item that must be taken seriously.
Every time Sam K. or anyone else raises public awareness about specific,
existing integrity exposures, the chances for industrial sabotage to the
world's largest production z/OS installations increase dramatically. A
"bull's eye" is painted; a challenge is presented; illegal money-making
opportunities abound.
This is why IBM integrity APARs never appear in public APAR data bases.
(It's also why Micro$oft Windows vulnerabilities are not publicized
until after a fix has been developed.)
The best opportunity for IBM and ISV developers to fix these integrity
issues was in the ten-year period after the IgvNoUserKeyCsa DIAG TRAP
came out with OS/390 V2R6 (September 1997) and before the
AllowUserKeyCsa option became available with z/OS 1.8 (September 2007).
Conscientious developers took full advantage of that ten-year
opportunity. The lazy or arrogant ones did not.
IgvNoUserKeyCsa was discussed at SHARE by Bob Shannon many years ago. (A
"Bit Bucket" presentation IIRC.) Users could have helped to identify
exposures by enabling the TRAP on test/sandbox systems. Some did. Most
did not.
In any case, it should be obvious that the best policy, when dealing
with potentially serious integrity exposures, is secrecy.
--
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
[EMAIL PROTECTED]
http://www.phoenixsoftware.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html