I will give it one more shot at trying to clarify what I mean. Witness this thread, reasonable people can disagree on what "violates the statement of integrity" means. One person's reasonable or only available technique is another person's violation.
We could use some finer granularity. We could use a standard statement of "does X but does not do Y." Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Ray Overby Sent: Thursday, March 08, 2012 8:45 AM To: [email protected] Subject: Re: Program FLIH backdoor - This is a criminal breach of security! The IBM statement of Integrity or its equivalent is a standard that all authorized programs should conform with. See IBM statement of Integrity <http://www-03.ibm.com/systems/z/os/zos/features/racf/zos_integrity_statemen t.html>. If you look at z/OS V1R12.0 MVS Authorized Assembler Services Guide: 21.1.2 <http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/iea2a8b0/21.1.2? ACTION=MATCHES&REQUEST=system+integrity&TYPE=FUZZY&SHELF=EZ2ZBK0K&DT=2010062 9141054&CASE=&searchTopic=TOPIC&searchText=TEXT&searchIndex=INDEX&rank=RANK& ScrollTOP=FIRSTHIT#FIRSTHIT>/you/ will see that IBM puts the responsibility on the installation for ensuring the integrity (i.e. - conforms to the IBM statement of Integrity) for any modifications or extensions to z/OS the installation makes. This would include any authorized code written/installed by the installation as well as any authorized code installed that is from ISVs. If the backdoor, intercept, or other authorized program violates the IBM statement of integrity then it is a problem that needs to be remediated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
