On Fri, 1 Nov 2024 17:57:16 +, willie bunter wrote:
> Can anybody suggest how I can delete all the files, software etc. from an
>old laptop before I scrap it? The laptop in question is a DELL VISTA. I
>asked the experts at DELL but they couldn't tell me because of a lack of
>document
On Mon, 1 Jul 2024 10:37:45 +, Seymour J Metz wrote:
>Is the use of "yonder" to designate instructions with long displacements
>official IBM nomenclature? What is its provenance?
It certainly doesn't appear in the Pop. Where have you seen it used?
--
Walt
On Sun, 16 Jun 2024 17:20:34 +0300, Binyamin Dissen
wrote:
>Getting
>
>BPXF024I (TCPIP) Jun 16 06:38:15 inetd 65583 : FOMN0091 *:otelnet/tcp:
>722 bind: EDC5111I Permission denied., rsn=744C7246
>
>Not sure where it got 722 - looked in all the /etc places.
>
>Also, what permission would be requi
On Fri, 5 Apr 2024 15:36:21 -0400, Phil Smith III wrote:
>Yeah, I have SPF records.
But, increasingly, it seems to be necessary to have DMARC and DKIM properly
setup, too. I don't know if that would explain your problem with this mailing
list, though.
--
Walt
--
On Wed, 21 Feb 2024 22:37:28 -0600, Paul Gilmartin wrote:
>On Thu, 22 Feb 2024 13:45:18 +1000, Peter Vels wrote:
>
>>https://www.ibm.com/docs/en/zos/3.1.0?topic=statement-symlist-parameter
>>
>I'm looking at Page 263 of SA23-1385-60
>z/OS 3.1 MVS JCL Reference
>with the page heading DD: SYMLIS
On Mon, 15 Jan 2024 14:45:06 -0600, Joe Monk wrote:
>How would that be practical? How would you, for instance, do a batch update
>to an encrypted dataset from a CICS vsam file?
Sorry; I don't understand the question. How do you do it today?
--
Walt
On Mon, 15 Jan 2024 16:15:38 +, Eric D Rossman wrote:
>Answering a number of comments in order, in one message.
>
>First: I don't think being able to encrypt load libraries is worth it.
>Encrypted executables, in general, are not going to increase security.
>
>Jousma, David:
>
>> Additionall
Have you looked at the descriptions of the two fields?
From https://www.ibm.com/docs/en/zos/2.1.0?topic=us-important-fields-in-sdwa I
see:
SDWAEC1
This field contains the PSW that existed at the time of the error.
SDWAEC2
The contents of this field vary according to the type of recovery
On Mon, 11 Dec 2023 09:50:34 -0600, John Blythe Reid
wrote:
>The client never got the RACROUTE macro to work. Instead they've opted to use
>the CICS command EXEC CICS QUERY SECURITY and that works ok. Does anyone think
>that the problem may be due to issuing a RACROUTE macro inside a CICS
>tr
On Sat, 25 Nov 2023 20:38:43 -0600, Paul Gilmartin wrote:
>I believe that several years ago IBM Pubs decreed that "data set"
>rather than "dataset" was preferred style and swept documentation
>emending the latter form. It seems to be creeping back. I just
>did a crude scan of the 3.1 .pdfs a d
On Tue, 21 Nov 2023 12:23:24 +0400, Peter wrote:
>Cloning and creating one user is easy but
>
>I want to clone and create 10 userid at once .
>
>Is it possible to achieve it through DBSNC.?
DBSYNC can give you the commands to create 1 user based on another one.
Copy/Paste of those commands fol
IBM used to, and may still, supply an unofficial REXX exec that I wrote named
DBSYNC. One of its operational modes allows cloning a user, though I don't
recall if that is described in the documentation or only anecdotally on RACF-L.
And I have no idea where such tools & toys are distributed toda
On Sat, 11 Nov 2023 08:59:07 -0500, David S. wrote:
>To help resolve a question posted to a LinkedIn group I manage:
>www.linkedin.com/feed/update/urn:li:groupPost:910927-7128598004344786944
>... I'd like to find out if there's any way to achieve *true*
>Skip-Sequential processing with a Fixed Bl
On Mon, 28 Aug 2023 15:21:55 -0500, Paul Gilmartin wrote:
>I use the WWW interface to post to IBM-MAIN. At times it tells me I have
>lingering drafts. Each shows a trashcan icon. Clicking it usually fails
>or causes a window hang. Is there a trick?
>
>I may have just discovered that it work
On Wed, 23 Aug 2023 19:58:07 +0100, Lennie Dymoke-Bradshaw
wrote:
>Excellent. Now why didn't I think of that?
>Thank you Walt.
You're welcome, Lennie :)
--
Walt
--
For IBM-MAIN subscribe / signoff / archive access instructi
On Tue, 22 Aug 2023 13:07:01 +0100, Lennie Dymoke-Bradshaw
wrote:
>I am trying to determine which users are using the TSO CONSOLE command.
>
>This is controlled one of those TSOAUTH checks that are done at LOGON time
>and the results of the RACF check are stored in the PSCB in bit PSCBCNAU. So
>
There are a number of hits that seem relevant when I do a search for "android
version of dosbox", and once you have dosbox installed you should have access
to a bunch of old DOS-based text games, including versions of Colossal Cave, I
believe. I have not tried this personally, but I use dosbox o
Thanks, Hobart.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
On Thu, 29 Jun 2023 18:10:06 -0500, Hobart Spitz wrote:
>https://chat.openai.com/share/1718b445-7a89-47a3-ab23-b670aa8c2211
That URL gives a 404 error, for me.
Perhaps you could have your conversation again, and quote the conversation here
directly next time?
--
Walt
---
On Thu, 8 Jun 2023 05:29:41 -0500, Michael Babcock
wrote:
>
>And I simply don't see why RACF could not be made to generate more than
>one SAN. Will that change with z/OS 3.1?
The RACF-L mailing list would be a better place for that part of your question,
and (perhaps) for the complete questio
On Sun, 30 Apr 2023 09:49:30 -0400, Joseph Reichman
wrote:
>Do the keywords have to be enter the way they are laid out in the PCL
>
>I would think not
>
>Because that's why they are keywords
>
>However when I don't enter them that way it does not hit the validity exit
From earlier in the thr
On Thu, 27 Apr 2023 10:01:06 -0400, David Spiegel
wrote:
>Had I thought (originally) that "Pull" was the issue,. I would've
>figured it out on my own.
Using the tracing functions in REXX to do the debugging, rather than browsing
the data set itself, would also have been helpful.
--
Walt
---
On Thu, 23 Mar 2023 09:34:02 -0500, John McKown
wrote:
>I got curious about how many possible different values could exist in a
>dataset "node". A node can be 1 to 8 characters long. The first character
>must be A-Z @#$ or 29 characters. Subsequent characters are those 29 plus
>digits 0-9 and a
On Wed, 8 Feb 2023 14:31:02 -0600, Tom Longfellow
wrote:
>Excellent procedure and approach. And a good path to maybe resurrecting the
>application someday.
>
>I am still trying to sell the concept that a successful migration consists of
>not only the data, But a least someway to CRUD (Create
On Thu, 19 Jan 2023 15:02:06 +, Robert Prins
wrote:
>And then you realise that the question should have been, "How do I get at
>it (control-block chasing-wise) in REXX?".
>
At what time in the user's logon, and where is the REXX exec running?
And why are you trying to do this from REXX? Wh
On Wed, 26 Oct 2022 17:06:06 +, Seymour J Metz wrote:
>PDFBox is certainly the way to go for the title, but IBM doesn't appear to be
>putting the forms code anywhere accessible.
The form code is certainly in the text, e.g., at the bottom of the cover page.
So you should be able to extract
On Tue, 25 Oct 2022 10:33:23 -0500, Paul Gilmartin wrote:
>On Tue, 25 Oct 2022 08:55:09 -0500, Walt Farrell wrote:
>>>>
>>>>>On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote:
>>>>>> %03=(ENDBEFR=C'.',FIXLEN=8
On Sun, 23 Oct 2022 09:36:49 -0500, Paul Gilmartin wrote:
>On Sun, 23 Oct 2022 08:59:09 -0500, Walt Farrell wrote:
>>
>>>On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote:
>>>> %03=(ENDBEFR=C'.',FIXLEN=8), # Node 3
>>&g
On Sat, 22 Oct 2022 10:03:49 -0500, Paul Gilmartin wrote:
>On Sat, 22 Oct 2022 04:09:43 +, Sri h Kolusu wrote:
>>...
>> %03=(ENDBEFR=C'.',FIXLEN=8), # Node 3
>> ...
>Thanks. I've wished for something line FIXLEN in regular expressions.
Got an example of what
On Wed, 12 Oct 2022 09:51:36 +0100, Lennie Dymoke-Bradshaw
wrote:
>It was Pierre's previous posts about replacing a password using ICHEINTY and
>R-admin.
>Maybe I have mixed up two distinct issues.
Perhaps, but that earlier/ongoing thread talking about "having a RACF encrypted
password" and "
On Tue, 27 Sep 2022 13:50:14 -0500, Paul Gilmartin wrote:
>
>Breaking an existing authorized program in that fashion could be a buffer
>overrun leading to escalation of privilige; an integrity threat that I'd
>consider
>an incompatibility.
But are you talking about PARM=, which Peter has covere
On Fri, 2 Sep 2022 14:39:22 +, Sri h Kolusu wrote:
>>> How can the programmer select which of the two supported versions DFSORT
>>> will use? The later examples seem to show only EREs or to be neutral. An
>>> example showing a BRE instead would be useful.
>
>Paul,
>
>Since both versions a
On Fri, 2 Sep 2022 07:33:27 -0500, Paul Gilmartin wrote:
>In DFSORT Application Programming Guide:
>INCLUDE Control Statement
>Regular expressions
>...
>Two versions of regular expressions are supported:
>• Basic Regular expressions (BRE)
>• Extended Regular expressions (ERE)
>
..
On Wed, 31 Aug 2022 11:13:57 -0500, Paul Gilmartin wrote:
>>In any case, "[^abc]" does not match "wombat". It matches only a single
>>character of a string. So, it might match the "w" in "wombat", or the "o", or
>>the "m", or the "t", depending on other details of the input string being
>>pro
On Wed, 31 Aug 2022 16:35:27 +, Sri h Kolusu wrote:
>>>The DFSORT manual (and others) should not attempt to explain regular
>>>expressions. They should defer to citing a single publication with such an
>>>explanation.
>
>I completely agree, however each component within IBM is implementin
On Wed, 31 Aug 2022 10:03:21 -0500, Paul Gilmartin wrote:
>
>"[^abc]" matches any string containing a character
>other than a, b, or c. It matches "wombat". However,
>"^[^abc]*$" matches strings containing no character
>other than a, b, or c. It does not match "wombat".
Was that something yo
On Wed, 24 Aug 2022 09:55:56 -0500, Michael Babcock
wrote:
>I’m trying to define the MVS.MCSOPER.&RACUID*/READ profile global class.
>
>I issued the following in batch:
>
> RDEF GLOBAL OPERCMDS OWNER(PXX) UACC(NONE)
>ADDMEM(MVS.MCSOPER.&RACUID*/READ)
>
>READY
>
> SETROPTS GLOBAL(OPERCMDS)
>REFRE
On Mon, 22 Aug 2022 16:16:06 -0500, Paul Gilmartin wrote:
>Why is there an AUTHPGM NAMES list at all? Why shouldn't it just be
>* (everything)
>???
>
>I can imagine several reasons: Even some authorized programs might not
>be trusted not to modify the WAITing TSO task (IKJEFTT09?), perhaps
On Mon, 22 Aug 2022 09:47:44 -0500, Paul Gilmartin wrote:
>On Mon, 22 Aug 2022 09:42:25 -0500, Walt Farrell wrote:
>
>>>I forgot to mention that "IDCAMS" is included on the
>>>SYS1.PARMLIB(IKJTSOxx)) AUTHPGM NAMES list
>>
>>Yes, that would be require
On Mon, 22 Aug 2022 15:39:52 +, Seymour J Metz wrote:
>Why do you say that? The CALL command is a very different animal from ADDRESS
>LINKMVS.
As I recall, Lizette said she was mandated to use LINKMVS. And as we have
pointed out, for her purposes, LINKMVS will not work.
I think Jack was s
On Mon, 22 Aug 2022 14:01:46 +0100, Jack Zukt wrote:
>I forgot to mention that "IDCAMS" is included on the
>SYS1.PARMLIB(IKJTSOxx)) AUTHPGM NAMES list
Yes, that would be required in order for your TSO CALL command to invoke IDCAMS
with APF-authorization.
--
Walt
-
On Sat, 20 Aug 2022 13:28:29 -0700, Lizette Koehler
wrote:
>I think what I am having a challenge with is the STGADMN.IDC.DCOLLECT in
>Facility Class
>
>The UACC is NONE but the ACL has * READ
>
>The process creates the JCL Statements in ALLOC statements. SYSIN will
>contain the DCOLLECT co
On Tue, 16 Aug 2022 19:49:16 -0700, Lizette Koehler
wrote:
>I am actually using LINKMVS and that is getting the error
>
>I want my general user to be able to do things without knowing idcams
What, exactly, does your code do, Lizette? What are you invoking with LINKMVS,
and what are you passin
On Fri, 1 Jul 2022 10:07:34 -0700, Tom Brennan
wrote:
>archive.org shows it was used by IBM, but years ago.
Thanks.
Looks like it was still in use on Feb. 18, 2020, but it became a redirect to
community.ibm.com by Aug. 1, 2020, according to the Wayback Machine.
--
Walt
On Fri, 1 Jul 2022 00:07:27 -0400, Gabe Goldberg wrote:
>www.destinationz.org isn't quite what one would expect for IBM's
>mainframe community website.
>
>Did someone let domain registration expire, was it hacked or redirected?
Was it ever used for that purpose? I see no Google references to tha
On Mon, 27 Jun 2022 10:20:43 -0500, Mike Cairns wrote:
>One important difference you might need to be aware of is between a normal
>RACROUTE call that executes under the authority of the current user associated
>with the running address space (a First Party call - i.e. checking your own
>curre
On Mon, 1 Mar 2021 09:12:59 -0500, Joseph Reichman
wrote:
>I have 100 files concatenated that are normally processed by qsam with a lrecl
>31996 and blksize 32000
>
>Since processing takes a long time I was looking to speed things up by
>specifying a blksize of 32 in the DCBE
>
>After the
On Tue, 24 Nov 2020 10:35:40 -0600, Elaine Beal wrote:
>I give up :), asking for help
>
>Defining a new user and logon proc issues
>
>SET &DSNAME = &SYSUID..ISPTABL
>ALLOC FI(ISPPROF) SHR DA('&DSNAME.')
>
>the dsn is new and evidently the alloc fails
>
>but i can manually alloc a new dsn
On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote:
>Applications should not "validate" filenames before attempting to open or
>create a file. Present the name to the file system API and report any error
>back to the user. Application filename validation is what leads to these
>inconsiste
On Tue, 29 Sep 2020 19:58:06 -0500, Paul Gilmartin wrote:
>On Tue, 29 Sep 2020 16:59:34 -0700, Charles Mills wrote:
>
>>Applications should not "validate" filenames before attempting to open or
>>create a file. Present the name to the file system API and report any error
>>back to the user. App
On Mon, 3 Aug 2020 04:16:38 +, Gadi Ben-Avi wrote:
>But that would mean checking if the user has access, or if the user has access
>through any of the groups it is connected to.
If I remember correctly, if the user can see anything from the profile that
protects the resource then he has a
On Sat, 13 Jun 2020 23:32:02 -0400, Bob Bridges wrote:
>Gil, you mustn't think I plan to make it a habit but I think I'm going to
>disagree with you on every point, here:
>
>o Well, maybe not on the first one: What's "TOCTTOU"?
Time Of Check To Time Of Use. As you're making the check, a securi
On Mon, 4 May 2020 16:29:48 -0400, Tony Harminc wrote:
>On Mon, 4 May 2020 at 04:23, Barbara Nitz wrote:
>
>> Doesn't matter. With an IMS region, you cannot use cancel (z/OS:
>> "non-cancelable, use force arm"). You cannot use force arm (z/OS: "cancel
>> first, please"). And you cannot use for
On Thu, 30 Apr 2020 19:46:04 +, Frank Swarbrick
wrote:
>Is z/OS still limited in all cases to 8 upper case characters? I am curious
>if a user that only has access to MQ might be able to have a longer and
>ideally mixed case user ID. They wouldn't have access to TSO or CICS or IMS.
It is
On Thu, 26 Mar 2020 13:10:18 -0500, Paul Gilmartin wrote:
>On Thu, 26 Mar 2020 17:54:58 +, Seymour J Metz wrote:
>
>>ObSchiller IPCS is part of z/OS. All dangerous facilities of IPCS are
>>controlled by SAF. If your management capriciously prohibits you from using
>>it, the responsibility i
On Sun, 12 Jan 2020 09:27:52 +, Jeremy Nicoll
wrote:
>On Sun, 12 Jan 2020, at 04:24, Phil Smith III wrote:
>> From a book:
>>
>> "... located a Trojan virus during a routine mainframe defrag."
>
>I dunno about the first bit, but "routine mainframe defrag" is fine.
>DFDSS has a DEFRAG verb.
On Wed, 4 Dec 2019 01:28:39 +, Lennie Dymoke-Bradshaw
wrote:
>Jesse / Skip,
>
>This is actually defined as being a requirement in "DFSMS Access Method
>Services Commands" SC23-6846-30. See Page 6, or just search for AUTHCMD and
>you will quickly find it. It states the following,
>
>"To use
On Mon, 18 Nov 2019 20:03:59 +, Seymour J Metz wrote:
>What do you mean by "the initial program"? The TMP doesn't need to be in any
>list.
>
>There are a few caveats on authorization.
>
> Whether the entire linklist is autoorized depends on what you have in
> PARMLIB.
>
> Anything in th
On Mon, 18 Nov 2019 10:54:06 -0500, scott Ford wrote:
>So guys, stupid question what about a STC that provisions for RACF, etc.
>But the design is as a normal generalized user, but with a id
>with SPECIAL that is invoked only during the time of passing the command to
>RACF ? Does it have to be AP
On Sun, 17 Nov 2019 19:10:16 -0600, Paul Gilmartin wrote:
>On Sun, 17 Nov 2019 15:50:53 -0600, Walt Farrell wrote:
>
>>On Sun, 17 Nov 2019 00:33:29 +, Leonardo Vaz wrote:
>>>
>>>But wouldn’t that program be system integrity even if not placed on AUTHPGM?
>
On Sun, 17 Nov 2019 00:33:29 +, Leonardo Vaz wrote:
>
>But wouldn’t that program be system integrity even if not placed on AUTHPGM?
>The user could execute it batch first example and
>change his ACEE or anything else.
No, that wouldn't be a problem, because if the user wrote his own progr
On Sat, 16 Nov 2019 15:30:01 +, Leonardo Vaz wrote:
>I am curious now, does a custom homegrown program have to take extra
>precautions to be placed under AUTHPGM? What would those be?
>
Usually, no.
Sometimes, depending on what the program does, yes.
For example, consider a program which
On Fri, 25 Oct 2019 09:30:27 -0500, Steve Horein wrote:
>However, with the name, I can leverage some tools to open and read the data
>set to get pertinent info. For example, this NetView PIPE recipe can get
>what appears to be the TITLE and JOBNAME from the first record at columns
>89 and 1151:
>
On Wed, 11 Sep 2019 12:15:11 -0500, Paul Gilmartin wrote:
>As I follow this thread, I wonder why CICS doesn't submit batch jobs
>with the credentials of the requesting individual rather than the CICS
>region.
Some of the IBM CICS designers over the years have wanted to allow that. The
IBM z/OS
On Wed, 24 Apr 2019 12:10:59 -0500, John McKown
wrote:
>>
>>
>> Why are passwords restricted to a maximum length of 8, and passphrases
>> restricted to a minimum length of 9?
>>
>
>Passwords are restricted to a max of 8 for historical reasons. They were
>once kept in SYS1.UADS -- the TSO reposi
On Wed, 13 Mar 2019 11:39:30 -0700, Lizette Koehler
wrote:
>Dear List -
>
>I am trying to run a batch REXX that issues CONSPROF or CONSOLE commands.
>
>I have set up everything in IKJTSO00 for CONSOLE, I have updated the RACF
>TSOAUTH for the ID issuing the commands
>
>The process will VARY OFFL
On Thu, 7 Mar 2019 19:33:31 +, Seymour J Metz wrote:
>My understanding is that he needs ISPF services in his application.
Then he is probably not going to be able to get it to run, safely and with
integrity, under TSO/E. It will need a multi-address space implementation
unless he's very lu
On Thu, 7 Mar 2019 15:45:14 +0200, Steff Gladstone
wrote:
>But if I TSOEXEC CALL the Cobol I/O routine, will it retain the context
>between calls? Won't the DCBs and ACBs and working storage be reinitialized
>on every call?
You need to TSOEXEC CALL the main COBOL program. It must run isolated,
On Wed, 6 Mar 2019 17:26:56 +, Seymour J Metz wrote:
>ATTACH by an unprivileged application cannot change the authority and
>privileges of the address space. TSOEXEC passes the request to the Terminal
>Monitor
>Program (TMP), which sets the unauthorized tasks nondispatchable before
>attac
On Wed, 6 Mar 2019 19:29:05 +0200, Steff Gladstone
wrote:
>One further question:
>
>Would use of IKJEFTSI/IKJEFTSR/IKJEFTST work here? I.e., provide an
>isolated eenvironment for RACF while maintaining continuity within the I/O
>routine without re-initializing its working storage on each call?
On Wed, 6 Mar 2019 19:01:25 +0200, Steff Gladstone
wrote:
>
>This works ok for privileged users (i.e., the subtasking and I/O logic
>works fine, the COBOL I/O routine is not reintiaiized on each call, and of
>course there are no RACF issues). But for non-privileged users RACF issues
>the follo
On Wed, 6 Mar 2019 19:01:25 +0200, Steff Gladstone
wrote:
>
>The COBOL I/O routine is called by a fairly complex TSO/ISPF application.
>So we decided to communicate to the I/O routine via a subtask in order to
>simplify the environment (as per Walt Farrell's claim that a new TCB
>creates a paral
On Mon, 4 Mar 2019 16:53:24 +, Jesse 1 Robinson
wrote:
>On two different RACF plexes, we have these two profiles in the SDSF class:
>
>ISFCMD.ODSP.* (G)
>ISFCMD.ODSP.** (G)
>
>I'm confounded to explain the difference between one or two asterisks. Help?
The two differences:
(1) ISFCMD.ODSP.*
On Thu, 21 Feb 2019 15:22:33 +, Seymour J Metz wrote:
>AFAIK it won't reset the dirty bit. It does isolate AC(0) from AC(1).
Yes, it will, for that isolated parallel environment.
--
Walt
--
For IBM-MAIN subscribe / signof
On Wed, 20 Feb 2019 15:51:23 +0200, Steff Gladstone
wrote:
>Do I understand correctly that TSOEXEC CALL creates a new subtask
>environment which is "insulated" from the goings-on in the mother task?
Yes. The parallel environment established by TSO/E via TSOEXEC would be clean,
even if the orig
On Sun, 17 Feb 2019 18:05:59 +0200, Steff Gladstone
wrote:
>Ok. We have been playing around with program control.If PROG1 (a COBOL
>program incidentally) is to be allowed exclusively to update file MY.FILE,
>then we:
>
>1. introduced PROG1 into the list of programs in AUTHPGM in member IKJEF
On Mon, 11 Feb 2019 09:06:21 -0800, Charles Mills wrote:
>I did not recall the exact operation of the bit flag. If I'd recalled that it
>was an SVC 99 flag rather than some sort of global flag I might well have
>found it myself.
>
>Why criticize people for asking a question? If they knew the an
On Sun, 10 Feb 2019 14:08:15 -0800, Charles Mills wrote:
>A kind soul offline points out S99NORES.
>
>(No wonder I couldn't find it in the TCB.)
It also would have helped if you'd said you were interested in -dynamic- data
set allocation, rather than simply data set allocation. It changes the a
On Thu, 24 Jan 2019 15:25:45 +, Steve Austin
wrote:
>Hi, I'm using the 'shmat' syscall to attach a shared memory object, but using
>the REXX storage function to alter it causes the dirty bit to be set. Any idea
>why this is or how to prevent it?
As Ed said, because you're loading somethin
On Sat, 8 Dec 2018 21:09:42 +0200, Binyamin Dissen
wrote:
>I don't believe this tool would be appropriate for the OP as it detects system
>objects (for the lack of a better term) that allow inappropriate privilege
>elevation or storage access. Application code would not benefit from this
>tool.
On Sun, 11 Nov 2018 09:39:31 -0500, Joseph Reichman
wrote:
>on second there maybe another way of getting the
>information besides going into XMEM
>
There is another way, already mentioned in this thread: do all your
"cross-memory" data gathering by scheduling SRBs into the other address spaces
On Sat, 3 Nov 2018 15:00:01 -0500, Mike Cairns wrote:
>Unfortunately the SEARCH command only applies to the user executing the
>command. Returning the profiles that *you*, the executing user, have access
>to. I think what Vignesh is asking for is a list of the profiles for a given
>user when
On Sun, 16 Sep 2018 17:06:53 +0300, ITschak Mugzach wrote:
>I do understand it, but it is interesting that same blocks in different
>address spaces maps to same address spaces. It is clear why, it is always
>the same order of build, but still interesting.
Unless it's changed in the past few yea
On Thu, 13 Sep 2018 09:21:39 -0700, Charles Mills wrote:
>I do think IBM needs to somehow better accommodate ISVs. My understanding is
>that "you have to own a real mainframe" to get access to the security
>portal. Thus ISVs who own only zPDTs or who rent time at Dallas do not
>qualify.
I am
On Mon, 6 Aug 2018 11:13:49 +, Blake, Daniel J [CTR]
wrote:
>Years ago I was called to assist two different customers who both screwed up
>the only Special userid. In both cases I was able to switch to the IBM
>supplied RACF data bases that came with a ServerPac. Logged in with IBMUSER,
On Sat, 4 Aug 2018 19:41:03 +0300, saurabh khandelwal
wrote:
>Thanks for reply.
>
>Special user is getting below message
>
>IKJ5644I TSOLOGON RECONNECT REJECT - USER ACCESS REVOKED BY RACF
>
>and any other TSO user getting
>
>IKJ56425I LOGON REJECTED, RACF TEMPORARILY REVOKING USER access
>IK
On Sat, 28 Jul 2018 12:00:51 -0300, Clark Morris wrote:
>[Default] On 27 Jul 2018 17:41:11 -0700, in bit.listserv.ibm-main
>rob.schr...@gmail.com (Rob Schramm) wrote:
>
>>I am not sure.. They out those extended checks with smf 82's.. and put some
>>use parameters in the asymuse.
>>
>>I don't like
On Fri, 27 Jul 2018 16:19:31 -0400, Rob Schramm wrote:
>You would think that.. but what about the pervasive encryption? Wouldn't
>ICSF with CHECKAUTH makes sure the key 0 user was authorized for the crypt
>key and possibly checked for use for the data set?
No, I would not expect ICSF to be invo
On Thu, 26 Jul 2018 22:05:08 -0400, Rob Schramm wrote:
>How does that interact with ICSF CHECKAUTH that forces security checks for
>authorized address spaces?
There is no interaction, because you're mixing up different kinds of checks.
We've been talking about OPENing VSAM clusters, but you've
On Thu, 26 Jul 2018 20:56:07 -0500, Paul Gilmartin wrote:
>On Thu, 26 Jul 2018 22:13:01 -0300, Clark Morris wrote:
> ...
>>Why would they exclude only VSAM from checking? Is it because of Page
>>Datasets or some other reason? Are there other ways of bypassing or
>>ignoring checking for supervis
On Thu, 26 Jul 2018 09:54:48 -0500, Tom Marchant
wrote:
>On Thu, 26 Jul 2018 07:50:04 -0500, Walt Farrell wrote:
>
>>On Tue, 24 Jul 2018 15:08:51 +, Seymour J Metz wrote:
>>
>>>Neither APF authorization nor supervisor state suspend normal SAF processing
>>&
On Tue, 24 Jul 2018 15:08:51 +, Seymour J Metz wrote:
>Neither APF authorization nor supervisor state suspend normal SAF processing
>for, e.g., OPEN. If you know of a privileged application >that bypasses
>normal resource controls and does not require SAF authorization before doing
>so, t
On Mon, 9 Jul 2018 08:29:09 -0400, Joseph Reichman
wrote:
>I have gotten the following code to work (with the help of Binyamin) as I will
>list below but the problem is it is only being executed once and I am looping
>thru a number of records
>Seems like when I get to DUMBRK OFF +4; GO +4 it i
On Fri, 6 Jul 2018 13:38:45 -0400, Joseph Reichman
wrote:
>Would any one know if you can run TSO TEST as a background Job on either
>IKJEFTSOEV or IKJEFT01
I would expect it to work under IKJEFT01 (and I vaguely recall doing that in
the distant past), but probably it would not work in an envir
On Thu, 5 Jul 2018 17:18:24 +0200, R.S. wrote:
>I have job with the following steplib:
>
>//STEPLIB DD DISP=SHR,DSN=HLQ.LNKLST.LIB1
>// DD DISP=SHR,DSN=HLQ.LNKLST.LIB2
>// DD DISP=SHR,DSN=HLQ.NONLNK.LIB3
>
>LIB1, and LIB2 reside in LNKLST, but not on APF.
>LIB3 is not on LNKLST, but is APF-author
On Mon, 25 Jun 2018 11:22:51 -0700, Charles Mills wrote:
>Well, it's not a "problem" (FSVO "problem") but in an example that is
>supposed to show the fast way of doing things, one might avoid slower
>instructions, such as storage literal references, when alternatives like
>TMLH and LLILF are now
On Fri, 22 Jun 2018 09:43:15 -0500, John McKown
wrote:
>This is strictly a curiosity question. Suppose for some unspecified &
>irrelevant to this discussion that my code is running under a TCB which has
>a non-zero TCBSENV value. If my code were to do an ATTACHX to create a
>subtask, would the n
On Fri, 22 Jun 2018 15:02:35 -0400, Steve Smith wrote:
>I'll grant you have a point... but I thought the national characters were
>defined as x'5B', x'7B', and x'7C', regardless of how displayed.
>
Correct. The hex value is the important part. Depending on your codepage and/or
keyboard it may l
On Mon, 4 Jun 2018 17:27:25 -0500, Todd Burrell wrote:
>Hopefully this is not a stupid question - but is it possibly via RACF (maybe
>with DASDVOL) to allow a particular system to have only read access to a DASD
>volume? We have a need to possibly vary some devices onto a system in one
>plex
On Tue, 15 May 2018 16:53:33 +, Jousma, David wrote:
>Ok, quick eye-ball verification from the guru's that are better ASM programmer
>than I...
>
>SMF30 RAXFLAGS is kicking out the a module for which I selectively pulled out
>the DSPSERV code for allocating USERKEY SCOPE=COMMON Data space.
1 - 100 of 483 matches
Mail list logo
