IMO, use of UID(0) for a non-BCP component by a vendor or by IBM is simply
an indication that the software designer is too damn lazy to determine what
access they really need and simply refuses to spend the effort (and money)
to determine which of the UNIXPRIV authorities might actually let them do
what they need. Or just have the SUPERUSER privilege in order to switch
into "root" for a short time to do something. IMO, it would be like saying
that the program run by an STC needed to be put into the SCHEDxx member of
PARMLIB to run non-cancelable and in PSW key 0 with a RACF id which had
OPERATIONS authority.


<snip>

> In one of my client's sysplexes non UID(0) UIDs are shared between a certain
> group of end users (1000s of them in some cases) and that also has to be
> remediated also.  But that is an AIM issue only because that sysplex didn't
> use BPX.DEFAULT.USER.   BPX.UNIQUE.USER would help, but it's a catch 22.
>
> BTW, this issue does affect ACF2 and Top Secret as well.
>
> Mark
> --
>


-- 
This is clearly another case of too many mad scientists, and not enough
hunchbacks.

Maranatha! <><
John McKown

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
