It doesn't need to specifically mention UNIX, gil. If someone managed to inappropriately escalate their privileges to root, what would that let them do? Answer: they would be able to bypass some set of security protections provided by RACF. That's enough to qualify for an APAR under, as I understand the Statement of Integrity.
-- Walt On Fri, 12 Jun 2015 16:36:41 -0500, Paul Gilmartin <paulgboul...@aim.com> wrote: >... Specifically, z/OS “System Integrity” is >defined as the inability of any program not authorized by a mechanism under >the installation’s control >to circumvent or disable store or fetch protection, access a resource >protected by the z/OS Security >Server (RACF®), or obtain control in an authorized state; that is, in >supervisor state, with a protection >key less than eight (8), or Authorized Program Facility (APF) authorized. > >Does this cover a UNIX user's escalating privileges to root? None of >"circumvent or disable store or >fetch protection", "in supervisor state", "with a protection key less than >eight (8)", nor "Authorized >Program Facility (APF) authorized" would seem to apply -- I believe root >relies none of these. Is root >covered by the remaining "access a resource protected by the z/OS Security >Server (RACF®)"? > >Or would a clarification be in order? At least nowadays the SoI ought to >mention UNIX. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
