On Mon, 3 Mar 2014 20:25:40 -0500, Micheal Butz wrote: >That is exactly right if you are running an ISPF program e.g. One that used DM >services >It's best to be in problem state while issuing the DM service > >Being in supervisor whine issuing DM services causes problems > I would hope that anyone who codes a program to issue DM services and links it AC=1 into an authorized library would take suitable steps to ensure system integrity.
>> On Mar 3, 2014, at 8:06 PM, Walt Farrell wrote: >>> ... >>> I have no idea why APF authorized library and link edit with AC=1 alone >>> don't suffice. >> >> In part because, depending on what the APF-authorized program does, it can >> be dangerous to allow it to run under TSO, or dangerous to allow it to run >> with certain forms of parameter list. >> Aha! The difference between a JCL-style PARM and the CPPL. But I see there's an AUTHCMD section of IKJTSOxx to take care of that. I see little need for AUTHPGM. But ... >> And, I think, in part for performance. If a program is not in the table then >> the TMP does not need to figure out whether the program is in an >> APF-authorized library and linked AC(1), it can simply invoke it using >> ATTACH or LINK, without needing to setup the special protections needed for >> running APF-authorized programs under TSO. >> Nearly pointless. There are numerous ways to waste resources without APF authorization. >> And in part for function, since a program invoked in the method required for >> APF-authorized programs is in some ways limited in what it can do (it can't >> interact with ISPF, for example, without special coding in the program). >> In which case, it simply fails. Does this threaten system integrity? See my first remark above. I can't imagine why someone would APF-authorize a program which interacts with ISPF without such "special coding". -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN