@Skip Taking this discussion a little sideways.
I seem to remember that if you used SYS1.LINKLIB in a JOBLIB/STEPLIB concatenation with other non-APF authorized libraries, because it is SYS1.LINKLIB - the Joblib/Steplib would become APF Authorized whether they were or not. This was because SYS1.LINKLIB would always be APF authorized by the operating system.

Am I remembering this correctly or not?

Thanks
Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Jesse 1 Robinson
> Sent: Tuesday, December 19, 2017 3:36 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Cobol upgrade 6.2 linklist
>
> A linklist data set need not be authorized. If you specify LNKAUTH=APFTAB in
> IEASYSxx, then an application library would be authorized only if you created
> an APF entry for it. Assuming that SYS2.PRODLIB is not APF, then there is no
> more danger in linklisting it than allowing users to STEPLIB to it.
>
> The exposure that my ancient Audit department focused on was devious code
> that could be slipped into production in some random library being STEPLIBed
> to in an individual job. Code like the legendary (fairytale?) case of
> diverting fractions of a cent from accounts payable into a private fund.
> Someone would have to vet the source code, of course, but at least there was
> an audit trail from source to production.
>
> .
> .
> J.O.Skip Robinson
> Southern California Edison Company
> Electric Dragon Team Paddler
> SHARE MVS Program Co-Manager
> 323-715-0595 Mobile
> 626-543-6132 Office ⇐=== NEW
> robin...@sce.com