On 12/07/2018 11:47 AM, Paul Gilmartin wrote:
On Thu, 12 Jul 2018 11:01:50 +1000, Andrew Rowley wrote:
Creating temporary files has its own security exposures. I am always
wary in case I am creating a security problem I don't understand.
You'd better not use SORT.
I am comfortable that the temporary file facilities in JCL are secure,
and constructs like DISP=(NEW,DELETE) are not an issue. And temporary
files created by something like DFSORT are someone else's problem.
It is temporary files in the HFS side of things that are the issue.
Again it is something that we take for granted in JCL that becomes
difficult to do correctly without it.
A couple of articles on the subject:
http://www.linuxsecurity.com/content/view/115462/81/
https://blogs.msdn.microsoft.com/secureapps/2007/01/22/temporary-file-generation-and-usage-best-practices/
There are enough issues there that for me, the best solution is point 1:
Don't use tempfiles/Avoid temporary files altogether
--
Andrew Rowley
Black Hill Software
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
