Writing an EOF record at the beginning of the data set does indeed "help prevent programs from reading old data when a data set is read immediately after being allocated", but the way it does this results in preventing the reading of old data only from the first track. If a program can read beyond this first track (which is not difficult to do even in an unauthorized program), then the program can still read all the rest of the old data in the allocated tracks. The only way truly to prevent a program from reading any of the old data is to erase each allocated track, either when the old data set is deleted or when the new data set is allocated. Erasing is a very expensive process in terms of DASD utilization and elapsed time, which is why it is almost never done. This is perhaps another example of "security through obscurity", which has been discussed lately under thread subjects starting with " Program FLIH backdoor ". I call it obscurity since getting beyond the first ! track deters most programs, but is not difficult if you know the "obscure" fact that it is quite easy to do if you want to.
Bill Fairchild -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Zelden Sent: Monday, March 12, 2012 10:40 AM To: [email protected] Subject: Re: IEFBR14 On Mon, 12 Mar 2012 08:21:13 -0700, Sam Siegel <[email protected]> wrote: >Scott - I think the EOF marker is handled by SMS. If a file is >allocated to a non-sms volume with IEFBR14 it might be that no EOF >marker was created. This can result in a wrong length read when trying >to read from the dataset instead of going straight to EODAD. >Sam > This changed in z/OS 1.11 to include non-SMS also for an . As John M. hinted, it does require a valid DSORG. That can come from a default DATACLAS or from JCL. >From the announcement letter: "In z/OS V1.11, DFSMSdfp(tm) processing is changed to indicate end-of-file (EOF) during the allocation of data sets on DASD that are not SMS-managed and have either sequential or an undefined data set organization. This makes this processing for both SMS-managed and non-SMS-managed data sets consistent, to make it unnecessary to open data sets solely to indicate EOF, and to help prevent programs from reading old data when a data set is read immediately after being allocated. " -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:[email protected] Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
