Andrew Rowley wrote on 8/20/2023 4:40 PM:
On 21/08/2023 9:28 am, Lennie Dymoke-Bradshaw wrote:
Secondly, when IBM states that a task should be given the attribute
of Trusted, then I take it to mean that IBM is saying that the task
can be trusted that this attribute cannot be the source of an
exposure for that task.
I think when IBM says a task should be given trusted, it's a
stronger statement than that.
I take it to mean that the task should never be denied access by the
security system, and any denial of access risks the stability or
operation of the system.
The endpoint of the last clause above is the inability to IPL the system.
My vague recollection from back when I was a senior systems programmer
is that you set as TRUSTED any task which is necessary in order to get
enough of the system up and running so that you can logon and fix
problems. If JES2 or VTAM or (long list) fails before you can logon,
have fun fixing it. This was before there was such a proliferation of
system address spaces, but I figure the same applies.
Putting on my cynical hat (which I never really take off), TRUSTED is
a way for the systems programmer to make it harder for an over-zealous
security officer to break the system.
/Leonard
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN