On Tue, 17 Mar 2015 17:58:16 +0100 Thomas Berg <[email protected]> wrote:
> -----Original Message-----
>> From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of
>> Walt Farrell
>> Sent: Tuesday, March 17, 2015 4:18 PM
>> To: [email protected]
>> Subject: Re: Turning JSCBAUTH off and back on again (Was: IEBCOPYO (was: APF-authorized ...))
>>
>> On Tue, 17 Mar 2015 09:14:56 -0500, John McKown <[email protected]> wrote:
>>
>> > The SYNCHX is the magic which allows your code to stay key 0 while
>> > invoking the other program "in line" in key 8. When the program
>> > returns, your code is still key 0. At which point you restore APF
>> > authorization and continue on.
>>
>> At which point you have a _major_ system integrity flaw. What about all that key 8 storage your
>> APF-authorized program has been using? The program you SYNCHX'd to is free to overwrite it.
>> You cannot trust any of it, including the initial save area that MVS passed to your program, and
>> where you presumably stored the registers on entry (including the return address).
>>
>> When you go to return to the system it's quite possible that you'll go to an address selected by
>> the rogue routine, and it will be running with APF authority at that point.
>>
>> This can only be fully safe if you never have any key 8 storage, or if you copy all your key 8 data
>> to a system key area before you invoke the unauthorized program, and never use the old key 8
>> storage again. That would be made a bit easier for you if your program was added to the PPT as
>> running in a system key. Then your initial save area and everything you GETMAIN would be in
>> that system key by default. But if you start out in key 8, you have more work to do.
>
> May an ignorant peek in here... :)
>
> Just as a concept and theoretically; wouldn't a way to secure that the key 8 storage is untouched be to save a hash of the content in a system key area (with a random salt)? Then just compare the hashes before reusing the key 8 data.
> Of course, this is only feasible if performance is not a problem.
> (Not that I'm a knowledgeable person in any of these areas...)

You would have to also make sure no STIMERMs are around (or anything else that could run as an ASYNC exit). Of course the AC=1 routine does not need the FSA - it can discard it and getmain a system key work area.

--
Binyamin Dissen <[email protected]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
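The seal-and-compare idea Thomas Berg floats above, modelled in C as an added example that is not part of this thread: the key 8 save area, SYNCHX and the protection keys are simulated in ordinary memory, the keyed hash is a toy FNV-based stand-in for a real MAC, and the return addresses and salt are constructed values. It shows the check running before the saved return address is reused, which is the tampering Walt Farrell describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the caller's save area living in key 8 storage:
   16 general registers, with regs[14] holding the return address. */
typedef struct {
    uint64_t regs[16];
} save_area_t;

/* Toy keyed hash: FNV-1a over salt || data. A stand-in for a real MAC such
   as HMAC; it is NOT cryptographically strong, only enough to run the check. */
static uint64_t fnv_absorb(uint64_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}
static uint64_t keyed_hash(uint64_t salt, const void *data, size_t len) {
    uint64_t h = fnv_absorb(0xcbf29ce484222325ULL, (const unsigned char *)&salt, sizeof salt);
    return fnv_absorb(h, data, len);
}

/* Taken while still in the system key, before SYNCHX to the key 8 program.
   The salt and digest must themselves be kept in system-key storage. */
uint64_t seal_save_area(const save_area_t *sa, uint64_t salt) {
    return keyed_hash(salt, sa, sizeof *sa);
}

/* Run after the key 8 program returns, before any field of the save area,
   above all the return address in R14, is trusted again. */
bool save_area_intact(const save_area_t *sa, uint64_t salt, uint64_t digest) {
    return keyed_hash(salt, sa, sizeof *sa) == digest;
}

/* Constructed stand-in for a misbehaving key 8 program: it overwrites the
   caller's R14, the flaw Walt Farrell describes above. */
static void rogue_key8_program(save_area_t *caller_sa) {
    caller_sa->regs[14] = 0x00deadbeefULL;
}

/* Seal, call, verify on a constructed save area; returns the check's verdict
   so both the well-behaved and the rogue callee can be exercised. */
bool save_area_trusted_after_call(bool callee_is_rogue) {
    save_area_t sa = { .regs = {0} };
    sa.regs[14] = 0x00010000ULL;           /* constructed legitimate return address */
    uint64_t salt = 0x5a1700c0ffee1234ULL;  /* constructed; real code would draw it from a CSPRNG */
    uint64_t digest = seal_save_area(&sa, salt);
    if (callee_is_rogue) rogue_key8_program(&sa);
    return save_area_intact(&sa, salt, digest);
}
```

Binyamin's caveat still applies: anything that runs asynchronously between the verify step and the reuse of the data is outside what this check can see.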
