ide to just add a 255 byte field with
spaces to the code and move that with MVCDK.
Again, thank you to all that responded.
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions
>
>> And, if MVCDK does not work a byte at a time, what would be a correct
>> solution for this? Copy a byte at a time with MVCDK in a loop, like the
>> programming example in the POP with the MVCSK instruction?
>>
>
>That should work, though not with great efficiency. Why not just have a
instruction?
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
in key 0, not fetch protected storage, regardless where they reside?
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
I loaded some registers with values and then used a DC H'0' instruction to
force a 0C1 abend and when I looked at the contents of the registers I assumed
it abended inside the SVC, while actually it abended with the 0C4 in the
calling routine.
One of the registers had a value of 0x0080
Hello Rob,
It is a user SVC that has been on our system for a long time and it is used by
a number of applications. So unfortunately our best (short time) option is to
secure the SVC.
I will contact you of list if that is ok about the sample code for a pc routine.
Kind regards,
Erik.
On Fri,
, and these routines are of course not the
easiest to handle. But I like taking on such a challenge, because the amount of
stuff you learn is always very satisfying.
Kind regards,
Erik Janssen.
On Thu, 2 May 2024 14:07:25 +, Peter Relson wrote:
>Please try to have different threads with suita
I can see in the dump that my program is in subpool 251 and this is fetch
protected, so it explains the abend I guess.
SUBPOOL 251 KEY 08 OWNED BY TCB 008D2AA0
ADDRESS 2000 LENGTH 2000
FREE AREA 2000 LENGTH 00A8
Is there a way to force the program to go to
I took your advises to heart, started using RBLINKB instead of RBLINK.
I wasn't aware I could use a label on a using and use that for reference.
We have an existing SVC that reads from a given memory location and I want to
secure it to use MVCDK and MVCSK, thus my need to find the caller's key.
5 upon entry, that is the
>RBOPSW you would want to interrogate. Your code is looking at the PSW at
>the time the callers RB was created, mostly via a LINK or ATTACH SVC, since
>it was a problem program.
>Wayne Driscoll
>Note: all opinions are strictly my own.
>
>On Tue, Apr 30, 2
t one, and if so, how do you know if you reached the top RB,
or is my approach really wrong?
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu w
On Fri, 26 Apr 2024 21:36:36 +, Seymour J Metz wrote:
>NO! Use RBOPSW; the caller might not be in the PSW key.
>
>--
Could you explain in what situation that happens? Is that when the task is
multihreaded and another thread has changed the key in the psw in between the
call to the svc and
It is a type 3 svc.
I also saw an example that uses the TCBPKF field to determine the key. So I
guess that is also an option?
On Fri, 26 Apr 2024 20:20:26 +, Seymour J Metz wrote:
>What type of SVC? The SVRB only exists for 3, 3 and 4.
>
>--
.
Is there any logic behind why MVC uses the actual byte count and MVCSK uses the
'number of bytes to the right'?
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists
Let me try and keep this thread alive ;-)
If the environment variables are in a LE data block, then where were they kept
when omvs was first introduced? I was under the impression that omvs was
introduced by before LE, or am I wrong?
Kind regards,
Erik Janssen
On Sat, 7 Oct 2023 08:59:28 +0800
with the information I guess.
On Sun, 13 Aug 2023 01:30:49 +, kekronbekron
wrote:
>Is the **algorithm** documented... you know, in words, with examples?
>
>
>--- Original Message ---
>On Saturday, August 12th, 2023 at 10:21 PM, Erik Janssen
> wrote:
>
>
>&
See:
https://github.com/openmainframeproject/tersedecompress
Kind regards,
Erik.
On Sat, 12 Aug 2023 05:19:43 +, kekronbekron
wrote:
>By any chance, is the algorithm for tersing/untersing publicly available?
>
>--
>For
I'm not sure how important your system is, but the example you send indicates
that the bpxas is running on behalf a ssh session. If most of the bpxas address
spaces are running for ssh, you might want to investigate why you suddenly see
an increase of ssh sessions coming into your system.
Kind
Hello Jan,
If you have python available there are a number of tools that can do what you
want. The answer in this link shows some options:
https://stackoverflow.com/questions/53112554/tcp-traceroute-in-python
Kind regards,
Erik.
On Fri, 21 Oct 2022 06:22:14 -0500, Jantje. wrote:
>Dear
thought I'd share.
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
:
>On Thu, 2 Jun 2022 15:19:47 -0500, Erik Janssen wrote:
>
>>Ah yes, it is actually on the panel; 'Use the pathname substitution character
>>!' :-)
>>That what I was looking for, I already thought that there had to be some way,
>>I just didn't notice it.
>>I was alr
Ah yes, it is actually on the panel; 'Use the pathname substitution character
!' :-)
That what I was looking for, I already thought that there had to be some way, I
just didn't notice it.
I was already using 3.17 basically, but since some recent z/os release you can
just type in a unix
on the Pathname? For example,
I would like to be able to go to 3.4, enter /u/someuser/somegitproject and run
a git status command and have it run with /u/someuser/somegitproject as the
current directory.
Kind regards,
Erik Janssen
on.gmu.edu/~smetz3
>
>
>From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
>Erik Janssen [eaw.jans...@gmail.com]
>Sent: Monday, February 21, 2022 3:59 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: creating a python login
to give the access
and not some rogue program that was just named likewise in an untrusted
library. So I didn't want to imply that identity changing is the only 'use
case' for program control.
On Tue, 22 Feb 2022 04:30:49 -0600, Erik Janssen wrote:
>Thanks for the pointers! Very interesting
to allow that to happen if you know where the module that wants to do that was
loaded from.
I will see if I can get slack up and running :-)
Kind Regards,
Erik.
On Tue, 22 Feb 2022 08:35:50 +0800, David Crayford wrote:
>On 22/2/22 4:59 am, Erik Janssen wrote:
>> Well, the routine I
Well, the routine I wrote can handle a user, password or passphrase and
optionally an APPL to verify against.
So, even though there are a lot of options to do it different, I was more
looking for ways how such a 'service routine' that needs apf authorization
could be used from a non-authorized
Thanks, I will have a look. That is also an option of course to have a java API
do the racf check and generate a JWT that the python APIs can use to verify the
validity of the request.
On Mon, 21 Feb 2022 21:19:02 +0800, David Crayford wrote:
Hello David,
The __passwd() was our initial approach, but making python program controlled
is probably(?) not a good way to go, at least it is not delivered as being
program controlled. I guess that makes sense for an interpreted language.
The returned token itself is a basically a JWT if I
Hello List,
We are creating some APIs with python flask running on z/os (some in
combination with z open automation utilities in order to drive existing rexx /
ispf edit macro logic) and that is looking very promising. In order to properly
protect those APIs I am trying to create a
that are not recent on their
maintenance today are running with zero day exploits in APF authorized routines
that leave them extremely vulnerable.
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access instructions
Ah yes,
That makes sense.
Kind regards,
Erik.
On Tue, 21 Sep 2021 10:47:37 -0400, Tony Thigpen wrote:
>Because the translator generates:
> Call 'DFHEI1' .
>And you don't want them dynamic.
>
>Tony Thigpen
>
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
dynamic calling with a
CALL identifier? And if the latter is the case, then why is there a requirement
to use NODYNAM? Is there some other effect of DYNAM vs NODYNAM that I'm not
seeing?
Kind regards,
Erik Janssen.
--
For IBM-MAIN
number. It can be used with
ASCBASID for the SSAIR instruction
Is that incorrect information then, or am I interpreting your answer
incorrectly?
Kind regards,
Erik Janssen.
--
For IBM-MAIN subscribe / signoff / archive access
(and has often been referred to by IBM in
many documents). Is IBM intending to deliver their own port, or have upstream
support for z/os in the python base? Does anybody have more insight into what
direction IBM is taking with this statement?
Kind regards, Erik Janssen
e publicly available.
My search engines efforts to find any of the mentioned documents have failed so
far, so is there anybody on the list that has (some of) the mentioned documents
available and is willing to share?
Kind regards,
Erik Janssen.
PS. I had posted the same question through Goo
36 matches
Mail list logo
