On Tuesday, 09/15/2009 at 03:27 EDT, Steve Marak <sama...@gizmoworks.com>
wrote:
> I agree with that ("the guest cannot be allowed to harm CP") but has
that
> actually been formally - or even informally - accepted by the Powers
That
> Be?
Yes, it is in the Statement of System Integrity in the General Information
Manual.
> I ask because I still remember, as though it were yesterday, opening a
> security/integrity APAR against VM back in the mid-1980's because any
> class G user could knock CP down by defining a shared and a nonshared
> device on the same virtual control unit, and being told that that was
NOT
> a security or integrity issue, and that no fix would be forthcoming.
Under "today's" rules, that would be an Integrity problem.
o If a class G (only) user can repeatedly or with malice of forethought
hang or abend CP, it WILL be classified as an integrity problem (denial of
service).
o If a class G user happens to do something that triggers an abend or hang
due to a "system malfunction", it will NOT be classified as an integrity
problem.
o If the system abends or hangs because it is overloaded (memory, CPU), it
will NOT be classified as an integrity problem.
o Just because it isn't an integrity problem doesn't mean it isn't a
defect.
Alan Altmark
z/VM Development
IBM Endicott
