In <8189023945771520.wa.paulgboulderaim....@listserv.ua.edu>, on 04/03/2013 at 07:29 AM, Paul Gilmartin <paulgboul...@aim.com> said:
>It leaves a couple holes

Not really.

>o Jobstep program is AC(1), from an authorized library, so
> the environment was authorized.

Then that program is responsible for not creating any security exposures.

>o Jobstep program ATTACHEs a subprogram AC(0), from an
> authorized library, bound with NOLONGPARM, passing an
> argument longer than 100 bytes.

Is that program written to work properly with that parameter? If not, then the AC(1) program has an integrity violation for calling it.

>Or:
>o JCL specifies "EXEC PGM=jobstep program,PARMDD=ddn"
>o Jobstep program is AC=1, from an authorized library, no
> LONGPARM attribute.
>o The PARM resolved from ddn is no longer than 100 bytes.
>o Is this permissible? I would actually hope not:
> - there's a lower potential astonishment factor if the
> restriction applies to any such use of PARMDD,

I would consider that to be a bug and at best to be more surprising than only testing the length. There's nothing in the string "LONGPARM" to suggest that it applies to short parm data.

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2 <http://patriot.net/~shmuel>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)