On Tuesday, 09/15/2009 at 03:27 EDT, Steve Marak <sama...@gizmoworks.com> wrote: > I agree with that ("the guest cannot be allowed to harm CP") but has that > actually been formally - or even informally - accepted by the Powers That > Be?
Yes, it is in the Statement of System Integrity in the General Information Manual. > I ask because I still remember, as though it were yesterday, opening a > security/integrity APAR against VM back in the mid-1980's because any > class G user could knock CP down by defining a shared and a nonshared > device on the same virtual control unit, and being told that that was NOT > a security or integrity issue, and that no fix would be forthcoming. Under "today's" rules, that would be an Integrity problem. o If a class G (only) user can repeatedly or with malice of forethought hang or abend CP, it WILL be classified as an integrity problem (denial of service). o If a class G user happens to do something that triggers an abend or hang due to a "system malfunction", it will NOT be classified as an integrity problem. o If the system abends or hangs because it is overloaded (memory, CPU), it will NOT be classified as an integrity problem. o Just because it isn't an integrity problem doesn't mean it isn't a defect. Alan Altmark z/VM Development IBM Endicott