Why hijack? Right your own code. Anyway, it runs under your user… We switched some of interpret commands to value since the sending field was larger than 256 bytes. Value don’t care.
ITschak בתאריך יום ב׳, 13 בספט׳ 2021 ב-16:35 מאת Gary Freestone <[email protected] >: > A few years back I switched from INTERPRET to VALUE due to concerns I had > from a security perspective. > > Value only performs an evaluation and assigns it to a variable. Interpret > lets you do any thing. > > Say for example in your sample code. If I could hijack you code and > adding a single line to the REXX I could issue a JES2 command. The line is > > def=';x=isfcalls(on);address sdsf "isfexec /$DI";istr="DEF";say "DEF" ' > > Sure this case its just a harmless $DI but it could be anything. The only > difference in the output is an example blank line. > > That’s why I’ve switched. > > Gary Freestone > Kyndryl Australia > > > Sent from Mail for Windows > > From: Lionel B. Dyck > Sent: Monday, 13 September 2021 9:45 PM > To: [email protected] > Subject: REXX - Interpret or Value - Which is better? > > From a programming standpoint which is (a) more efficient, and (b) easier > to > understand - Interpret or Value. > > Examples: > > /* rexx */ > /* setup our defaults to start with */ > istr = 'abc' > vstr = istr > > /* value examples */ > newvar = value(vstr,'def') > say newvar > say vstr value(vstr) > newvar = value(vstr''1,'second') > say newvar > say vstr''1 value(vstr''1) > > /* interpret examples */ > interpret 'istr = def' > interpret 'say' istr 'istr' > interpret 'istr'1 '= second' > interpret 'say' istr''1 'istr'1 > > The main differences that I can see is that with interpret the new values > are uppercase, and with value the return contains the new variable name. > > Lionel B. Dyck <>< > Website: https://www.lbdsoftware.com > Github: https://github.com/lbdyck > > "Worry more about your character than your reputation. Character is what > you > are, reputation merely what others think you are." - - - John Wooden > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
