I guess I should have read Richard's response closer. So, I'll echo Dennis's question as well. What security problem? We do not have CLEAR_TDisk enabled. Every time we define a t-disk, it HAS to be formatted, no exceptions. Steve
-----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of O'Brien, Dennis L Sent: Thursday, September 17, 2009 2:15 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: TDISK and SYSTEM CONFIG question. What "security problems" in T-Disk? If you enable Clear_TDisk, there's no security problem. Even if the system crashes while confidential data is on a T-disk, it's cleared at IPL time before the T-disk space is eligible to be given to users. Dennis O'Brien My computer beat me at chess, but it was no match for me in kickboxing. -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Thursday, September 17, 2009 08:22 To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] TDISK and SYSTEM CONFIG question. If you have the page space to support it, you can get by without TDSK space by using V-disk. It is always cleared very quickly, by CP, before it is used and does not pose the security problems that you find in T-disk. A large V-disk is also faster to format than is a T-disk of equal capacity. Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark > Sent: Wednesday, September 16, 2009 6:51 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: TDISK and SYSTEM CONFIG question. > > On Wednesday, 09/16/2009 at 07:14 EDT, "Gentry, Stephen" > <stephen.gen...@lafayettelife.com> wrote: > > > Further, and in the same manual, it states that you can clear each > T-DISK > > before it is reassigned. It depends on your point of view but this > seems > > contradictory. Clear, in my opinion, means the T-DISK > created with the > DEFINE > > command is completely cleared. Of course clearing cylinder 0, in > > effect, > makes > > the area unreadable. Also one section of the manual seems > to say that > the area > > is cleared at IPL time, the other section seems to say it is cleared > before it > > is reassigned. > > Clearing cyl 0 only does not prevent you from reading the > other cyls on the volume; it simply stops you from mounting > it in the "usual" fashion. > > The z/VM Secure Configuration Guide tells you to enable > CLEAR_TDISK in SYSTEM CONFIG. If you configure your system > much the way it is described in that book, your auditor won't > have any arguments with you. > > Alan Altmark > z/VM Development > IBM Endicott >
