On Mon, 16 Mar 2015 14:25:45 -0500, Tom Marchant wrote: >On Mon, 16 Mar 2015 13:57:45 -0500, Paul Gilmartin wrote: > >>IEBCOPY has been demoted from "APF Authorized" to >>"Module residing in an authorized library, marked AC(0), so not designed to >>be invoked authorized." > >ITYM "Does not require authorization when executed as a job >step program." > >Because it is used by SMP/E, which is known to invoke it in an >authorized environment, it has to be designed to be invoked in >an authorized environment. ... > No. SMP/E whitewashes that blot by now requiring special RACF authorization of *any* programmer using SMP/E for any purpose except LIST. I'm dismayed.
> ... Furthermore, if it were not designed >to be invoked in an authorized environment, it should not be >included in an APF authorized load library. > No. Walt and Peter both said that when a program is in that condition it becomes the caller's responsibility to perform whatever validation is required for integrity. SMP/E further sheds that burden by requiring RACF authorization, presuming that the "trusted" programmer will perform any additional required verification. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
