I don't believe that read access to PARMLIB is a security risk, and it is possible that a prohibition could actually lead to security issues, but if you are under the purview of DISA then you need to abide by their policies, although I would probably document the fact that I considered UACC=NONE for PARMLIB inappropriate.
-- Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Farley, Peter x23353 [0000031df298a9da-dmarc-requ...@listserv.ua.edu]
Sent: Thursday, February 3, 2022 6:50 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

That was my question -- what possible attack vector can be derived from PARMLIB entries? I cannot see any such vector coming out of anything I know about PARMLIB, but I probably don’t know enough, which is why I am asking here.

No passwords, no information that Mark Zelden's IPLINFO can’t retrieve anyway from a running system, so what's the issue?

Peter

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Matt Hogstrom
Sent: Thursday, February 3, 2022 6:43 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

I would suspect that it exposes potential attack vectors for the system. Ideally the system should be secure but loose lips sink ships.

Matt Hogstrom
m...@hogstrom.org
“To my Ph.D. supervisor, for whom no thanks is too much.”

> On Feb 3, 2022, at 6:12 PM, Farley, Peter x23353
> <0000031df298a9da-dmarc-requ...@listserv.ua.edu> wrote:
>
> I'll be the first to admit that I know just enough of what is in SYS1.PARMLIB
> to be dangerous, BUT . . .
>
> What information could possibly be gleaned from reading PARMLIB that would
> require a knowledgeable auditor to insist on restricting read access (other
> than security by obscurity and sysprog/auditor job security)?
>
> Just curious, I don't plan on hacking anything.

--
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential.
If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN