On Mon, May 15, 2017 at 7:30 AM, Greg Dyck <[email protected]> wrote:
> Be aware that what you are attempting to do is dangerous and has the > potential to create system integrity exposures that would allow a problem > state program to cause a system failure. I am not saying that it can not > be done safely, because it can be. But to do it safely without creating a > system integrity exposure requires a lot more than just using RSAPF=YES on > the ATTACH. > > On 5/15/2017 3:17 AM, Robin Atwood wrote: > >> Conditions 1 and 2 seem mutually exclusive. I tried coding MODESET >> MODE=SUP >> and adding SM=PROB,KEY=PROP >> >> to the ATTACH but it made no difference. I seem to be missing something >> fairly massive here! Can anyone shed some light on this? >> > > <snip> > > > Regards, Greg > > Just coming out of left field here. I don't know what the OP is trying to accomplish (at a high level) by doing this. But in the context were I need differing security attributes (such as APF), I would go with a UNIX fork(). Of course, if the ATTACH'd program needs to communicate with the parent through shared memory, that complicates things a bit. But should be possible using the z/OS shared memory API. Or my "marshalling" the data and using some IPC such as pipe or, better, UNIX messages. The problem with all this is the CPU overhead and complexity. -- Advertising is a valuable economic factor because it is the cheapest way of selling goods, particularly if the goods are worthless. -- Sinclair Lewis Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
