On Tue, 4 Mar 2014 09:25:10 -0600, Paul Gilmartin <paulgboul...@aim.com> wrote:
. . .
>>
>>Because it would be a major security breach.
>>
>That doesn't tell me much.
>
>Why? How? Would it be any less a security breach to invoke such a program
>from JCL with "EXEC PGM=..." which likewise causes it to run in the authorized
>state?
>

Perhaps you could get away without AUTHPGM, but AUTHTSF is required.

Actually when the TSO Service Facility was created, the designers did not see a need for this, and they made use of AUTHPGM, which together with AUTHCMD already existed at that time. Some time later they saw the error of their ways and an APAR added AUTHTSF.

For a long time the only place where the reason for this was explained was in the APAR that introduced it, and at some point even that was hidden from customers' view. These days the reason is explained in the TSO/E documentation:

"... programs in this list (AUTHTSF) should not accept parameters that are pointers to code what is to be executed (such as exit routines) as this might introduce an integrity exposure."

Such parameters cannot be provided when executing the program using JCL.

The documentation even goes on to mention that IDCAMS should never be added to AUTHTSF. IDCAMS was the specific program that prompted the APAR that introduced AUTHTSF, but any number of other programs could have the same issue.
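An added example, not part of the original post: a small audit that reads the AUTHCMD, AUTHPGM and AUTHTSF lists from a copy of an IKJTSOxx PARMLIB member and flags IDCAMS in AUTHTSF. The sample member is constructed, `MYEXITPG` is a hypothetical program name, and the parser assumes the usual `NAMES(...)` form with `/* */` comments and `+`/`-` continuation.

```python
import re

# Constructed sample of an IKJTSOxx member (not taken from a real system).
SAMPLE_IKJTSO = """\
AUTHCMD NAMES(          /* authorized commands */     +
   LISTD    LISTDS      /* */                         +
   RECEIVE  TRANSMIT)
AUTHPGM NAMES(          /* authorized programs */     +
   IEBCOPY  IDCAMS)
AUTHTSF NAMES(          /* TSO Service Facility */    +
   IEBCOPY              /* */                         +
   IDCAMS               /* should never be here */    +
   MYEXITPG)
"""

# IDCAMS is the program the post names; extend this set locally with any
# other program known to accept pointers to code (e.g. exit routines).
DENY_IN_AUTHTSF = {"IDCAMS"}

STMT_RE = re.compile(r"\b(AUTHCMD|AUTHPGM|AUTHTSF)\s+NAMES\s*\(([^)]*)\)", re.I)


def parse_auth_lists(member_text):
    """Return {statement: [program names]} for the three authorization lists."""
    text = re.sub(r"/\*.*?\*/", " ", member_text, flags=re.S)  # strip comments
    text = re.sub(r"[ \t][+-][ \t]*$", " ", text, flags=re.M)  # strip continuations
    lists = {}
    for stmt, body in STMT_RE.findall(text):
        names = [n.upper() for n in re.split(r"[\s,]+", body) if n]
        lists.setdefault(stmt.upper(), []).extend(names)
    return lists


def audit_authtsf(member_text, deny=DENY_IN_AUTHTSF):
    """Split AUTHTSF entries into (denied, needs_review).

    denied:       entries that must not be in AUTHTSF at all.
    needs_review: every other entry; each must be confirmed not to accept
                  parameters that point to code to be executed.
    """
    tsf = parse_auth_lists(member_text).get("AUTHTSF", [])
    denied = sorted(set(tsf) & set(deny))
    needs_review = sorted(set(tsf) - set(deny))
    return denied, needs_review


if __name__ == "__main__":
    denied, review = audit_authtsf(SAMPLE_IKJTSO)
    print("Remove from AUTHTSF:", denied)
    print("Review parameter handling:", review)
```

IDCAMS in AUTHPGM is not flagged, because the post's concern is specific to programs invoked through the TSO Service Facility.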