On Wed, 9 May 2018 06:23:42 -0500, Steve Horein wrote: >On Fri, May 4, 2018 at 6:33 AM, Peter Relson wrote: >> <snip> >> I believe you. The code that was shown was assembler. Regardless, being an >> exec still means that the choice was made not to use an intended >> programming interface. >> </snip> > >If a data area is described with "Programming Interface Information" and >then referenced via Rexx STORAGE calls, is that considered a choice to not >use an intended programming interface? > ... MVC is "an intended programming interface". A carelessly authorized program can do a lot of damage with MVC.
>I am an automation administrator with regrettably zero assembler >programming skills, and tend to use such Rexx calls to alleviate the >painful process of MVS command output parsing to get information, if >available, when I can. > Might one use fork() (BPX1FRK, SYSCALL fork, ...) to run unvetted Rexx code such as IPLINFO safely unauthorized in a separate address space, returning results via a pipe or socket to an authorized caller? (Is IPLINFO free of the constraints of TSO?) -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN