Gene, All that an AC=1 module that is in an APF authorized module can do is to start running with the JSCBAUTH bit on if, and only if, it is invoked as a Job Step Task from the initiator, or other initiator-like process (z/OS UNIX Services, for instance). However, a PCFLIH backdoor can allow a problem state, non-system key program that is not running APF authorized to receive control in an authorized state simply by causing a program interrupt to occur. Now I don't know if this particular backdoor does this or not, but if it does (or worse, can be spoofed by a caller to do this) than it would constitute a violation of z/OS system integrity.
=============================================== Wayne Driscoll OMEGAMON DB2 L3 Support/Development wdrisco(AT)us.ibm.com =============================================== From: "Pate, Gene" <[email protected]> To: [email protected] Date: 03/05/2012 08:30 AM Subject: Re: Program FLIH backdoor - This is a criminal breach of security! Sent by: IBM Mainframe Discussion List <[email protected]> I am amazed at the uproar over this. Is there anything that a PCFLIH backdoor can accomplish that any AC=1 module in any APF authorized library cannot? <SNIP> Gene Pate CSX Technology Enterprise Architecture ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
