On Tue, 17 Mar 2015 09:14:56 -0500, John McKown <[email protected]> wrote:

>I just had a thought (and it's lonely). You start off APF authorized,
>key 8 as a "normal" APF program. You want to run program "B" from the
>STEPLIB, but without APF authorization. Perhaps the simplest way is to
>use SYNCHX something like:
>
>  ...snipped...
>   NI JSCBOPTS,255-JSCBAUTH NOT APF
>   L R15,EPA_B
>   SYNCHX (15) INVOKES PROGRAM B IN TCB KEY
>   OI JSCBOPTS,JSCBAUTH RESTORE APF AUTHORIZATION
>   MODESET KEY=NZERO
>
>The SYNCHX is the magic which allows your code to stay key 0 while
>invoking the other program "in line" in key 8. When the program
>returns, your code is still key 0. At which point you restore APF
>authorization and continue on.

As I've mentioned elsewhere in this thread, this approach has a number of 
integrity exposures that would need to be addressed, and I would suggest an 
alternative so that you do not need to turn JSCBAUTH on again. 

However, there's one exposure specific to your code that I don't think anyone 
mentioned here. A friend spotted it and mentioned it to me off-list. So, just 
in case anyone tries to do something like you proposed, we thought you all 
should know about it. It has to do with the RESTORE=NO|YES keyword.

Assuming that the doc is correct and not misleading, you would also need to 
specify RESTORE=YES. The default is RESTORE=NO which is documented to mean that 
registers 2-13 are not restored when you get control back after the SYNCH(X). 
That means that you would invoke the other program, and when it returned you 
would be running with whatever it left in the registers. There's a possibility 
that you would abend fairly quickly if the registers were not as you expect, 
but that's certainly not guaranteed. For example, if your code has a base 
register, and the attacker modifies it, he might be able to cause you to branch 
back into him after you restore APF-authorization. Or, even without a base 
register, if you depend on other data in the registers you might do something 
unexpected and/or damaging while running authorized.

-- 
Walt
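As an added illustration (not code from either post in this thread), here is the quoted sequence with the RESTORE=YES change Walt describes applied. Like the quoted fragment, it assumes that EPA_B already holds program B's entry address, that the save area, base register and JSCB addressability were set up by code that is snipped here, and that the caller is already APF authorized in key 0. It closes only the register-restoration exposure discussed above; the other integrity exposures Walt refers to elsewhere in the thread are not addressed by this change.

```asm
*  Added example, not from the list post.  Same sequence as the quoted
*  fragment, with RESTORE=YES so that registers 2-13 come back exactly
*  as this code left them, whatever program B did with them.  Setup of
*  the save area, base register and EPA_B is assumed (snipped here, as
*  in the original).
         NI    JSCBOPTS,255-JSCBAUTH    not APF while program B runs
         L     R15,EPA_B                entry point of program B
         SYNCHX (15),RESTORE=YES        B runs in the TCB key; on return
*                                       R2-R13 are restored by SYNCHX,
*                                       so the base register is intact.
*                                       R0, R1, R14 and R15 are NOT in
*                                       the restored set: treat them as
*                                       whatever B left there and do not
*                                       depend on them while authorized.
         OI    JSCBOPTS,JSCBAUTH        restore APF authorization
         MODESET KEY=NZERO              back to the TCB key
```

The only behavioural difference from the quoted code is the RESTORE=YES operand; with the documented default of RESTORE=NO the OI that re-enables JSCBAUTH would execute with whatever register contents program B returned, including the base register.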

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
