> Again it is something that we take for granted in JCL that becomes > difficult to do correctly without it.
WTF? Dynamic allocation has supported temporary data sets since Old Man Noach cornered the market in Gopher Wood. We don't need mo stinking JCL for that. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Andrew Rowley <[email protected]> Sent: Wednesday, July 11, 2018 11:18 PM To: [email protected] Subject: Re: Using JCL Symbld and TYPRUN=SCAN On 12/07/2018 11:47 AM, Paul Gilmartin wrote: > On Thu, 12 Jul 2018 11:01:50 +1000, Andrew Rowley wrote: >> Creating temporary files has its own security exposures. I am always >> wary in case I am creating a security problem I don't understand. > You'd better not use SORT. I am comfortable that the temporary file facilities in JCL are secure, and constructs like DISP=(NEW,DELETE) are not an issue. And temporary files created by something like DFSORT are someone else's problem. It is temporary files in the HFS side of things that are the issue. Again it is something that we take for granted in JCL that becomes difficult to do correctly without it. A couple of articles on the subject: http://secure-web.cisco.com/19zTgw5l4mNMUIFLg54Kdy_vy9ovUURWUPgH9qMMXVmbpny7rVDAErUcD1xXOFVijoMy5AROis-PJEDTMBbfjG0LUFTJh13Dr5s_sGROocBeKc7WUVjJQkmShPbjgKyWdlRLFPlqW1TnOzgJeH5jDEUy0lcxMOu7TjQ-DWvebVmwwCwEFWUU8YLbeKu2nj71rbxyIV8Akc2BMamAsQVQ8HAIcucVuVk3M-0hWT68fYEg40lpUXrYhG486Kh5jGSlRVAn6WyinZHGfF9VmXDq0TcR9vPZZXJHoL261yMyDKz6xOXkIdwsdbSwgYaevoQZ_ZqCKwdlNSm7RGXerHeLxqrKdfh6auKz1XQow8yyEw5A-dHrNLIywohsT4feIoZ7PNjYh9MoVL2OTVrOXGqXUr9dLBVLMywBqM5SfTWv-8Cy4m9lMeVN6zn_7VNSpOJJv/http%3A%2F%2Fwww.linuxsecurity.com%2Fcontent%2Fview%2F115462%2F81%2F https://blogs.msdn.microsoft.com/secureapps/2007/01/22/temporary-file-generation-and-usage-best-practices/ There are enough issues there that for me, the best solution is point 1: Don't use tempfiles/Avoid temporary files altogether -- Andrew Rowley Black Hill Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
