I seem to remember a thread from long ago that discussed "unchangeable defaults". :-)
---- Original message ---- >Date: Thu, 17 Sep 2009 17:18:30 -0400 >From: Alan Altmark <alan_altm...@us.ibm.com> >Subject: Re: TDISK and SYSTEM CONFIG question. >To: IBMVM@LISTSERV.UARK.EDU > >On Thursday, 09/17/2009 at 04:00 EDT, "Gentry, Stephen" ><stephen.gen...@lafayettelife.com> wrote: >> As mentioned in my question below, we have to format the defined temp >> minidisk every time. So, from that point of view, the data is gone. I >> didn't think of the DDR situation. However, a class G user would have to >> know where the T-DISK area is defined. They cannot issue a QUERY ALLOC >> TDISK or QUERY TDISK command. T-DISK's can be placed anywhere, so >> security by obscurity. I know that last comment won't fly with >> auditors, which is what this whole curiosity going anyway. The auditor >> is primary concerned with class G users. > >The auditor's concerns are valid; if you do not enable CLEAR_TDISK, then a >class G user can see residual data on a t-disk. Even if the user can't >run DDR or ACCESS the disk, its contents are visible. > >If I get my way, ENABLE CLEAR_TDISK will become the default and you won't >be able to change it. :-) > >Alan Altmark >z/VM Development >IBM Endicott
