On Tue, 27 Sep 2022 16:55:00 +0000, Peter Relson wrote:

>Gil wrote
><snip>
>For compatibility with historic behavior, I'd expect NOLONGPARM (the default)
>not to be enforced when a program is invoked by LINK, ATTACH, etc. or from an
>unauthorized STEPLIB concatenation.
></snip>
>
>LONGPARM is relevant only for the building of the parameter area for the 
>jobstep program and for some z/OS Unix stuff. 
>
My quarrel is with the vague term "mainly" as it appeared in the Guide and I
quoted and you snipped.  Your sentence above is better.  I'll add it to my RCF
in progress, without attribution unless you prefer to be credited.

It would probably be excessive to mention BPX1EXM or the
BPX.EXECMVSAPF.program_name FACILITY class profile.

>So it does not apply to any other program-fetch-type interface. There is 
>nothing to enforce.
> 
>This is not a question of compatibility. There is no historic behavior to be 
>compatible with for the jobstep program through JCL, because a parameter 
>longer than 100 bytes had not previously been allowed. Allowing longer parm 
>via PARMDD is nominally incompatible (it could/would break an existing program 
>that was coded to handle only 100 bytes), 
>
Breaking an existing authorized program in that fashion could be a buffer
overrun leading to escalation of privilege; an integrity threat that I'd
consider an incompatibility.

> but was chosen to be allowed for unauthorized jobsteps with no change to the 
> directory entry because there was no security ramification of such breakage. 
> Conversely, for security reasons, it was not allowed for authorized jobsteps 
> unless the program identified via LONGPARM that this was OK.
>
Historically, unauthorized programs could be invoked by LINK/ATTACH (I've done
so, constructively.)  PARMDD introduced no new integrity exposure.

(IDCAMS Pubs answered my (pedantic) RCF saying that "job step" is preferred
to "jobstep" as a noun and the Ref. will be made consistent.  But is "jobstep"
the preferred adjective form?)

-- 
Thanks,
gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
