Think of APF authorization as being as restrictive as the weakest link. (And that's a good thing.)
- Every library in the STEPLIB concatenation authorized except one? Not authorized. - Called by an unauthorized program? Not authorized. - Called a bunch of programs, one of which was unauthorized? Not authorized. - From an APF library but forgot the AC(1)? Not authorized. - AC(1), but from an unauthorized library? Not authorized. - AC(1) and from an authorized library, but the jobstep program called an unauthorized program before this one? Not authorized. It makes sense. Any unauthorized link in the chain makes the contents of storage unreliable, too unreliable for APF authorization. On Mon, 18 Nov 2024 17:02:31 +0000, Richard Zierdt <richard.zie...@freschesolutions.com> wrote: >I wrote an authorized program that displays the contents of control registers >using the STCTG instruction. Linked AC(1) and stored in an APF library. >Substantive instructions are: > > MODESET MODE=SUP For STCTG instruction > STCTG 0,15,CRREGS Store (copy) Control Registers > MODESET MODE=PROB > >When called using LINK from an unauthorized program (linked AC(0) to the same >APF authorized library), an S047 abend occurs at the first MODESET macro >(which generates an SVC 107). > >When the unauthorized program is linked authorized (AC(1)), the call (LINK) >works. > >I thought unauthorized programs can call (LINK) authorized programs, but >authorized programs cannot call unauthorized programs, or, if they do, they >lose authorization. > >Yes, the program with MODESET MODE=SUP could be made into a PC, but it would >be easier to avoid that method. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
