One more time....  All *user-key SCOPE=COMMON dataspaces.

Jim Mulder

Apr 5

Re: [EXTERNAL] Re: UA94606
  VSM ALLOWUSERKEYCSA(NO) only prevents obtaining user key CSA.
It does not prevent creating a user key CADS, or using CHANGKEY
to change the key of subpool 247 or 248 (DREF SQA) storage to
user key.

  The health check and the new SMF 30 field  report all three of those
types of security issues, and all three will be disallowed in the next
release after z/OS 2.3.

  So I would think that you would want to keep the health check enabled.


_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
[email protected]
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

From: Jousma, David
Sent: Tuesday, May 15, 2018 1:50 PM
To: IBM-Main ([email protected]) <[email protected]>
Subject: RE: UserKEY CSA/Dataspace scope=common Remediation

Never mind on this.   I found an old Jim Mulder posting to this group that 
indicates that all SCOPE=COMMON Data space allocations will fail on V2.4 and 
has nothing to do with VSM ALLOWUSERKEYCSA(YES/NO).  For some reason in my mind 
I was trying to tie this all together...


From: Jousma, David
Sent: Tuesday, May 15, 2018 12:54 PM
To: IBM-Main ([email protected]) <[email protected]>
Subject: UserKEY CSA/Dataspace scope=common Remediation

Ok, quick eyeball verification from the gurus who are better ASM programmers 
than I...

SMF30 RAXFLAGS is kicking out a module for which I selectively pulled out 
the DSPSERV code for allocating USERKEY SCOPE=COMMON Data space.   Is it 
possible that this line "DSPSERV  DC    A(*+4+X'80000000')" is what is setting 
the storage key just prior to execution?  i.e. KEY 8?  I didn't create the 
code, I'm just trying to understand it.

         MODESET MODE=SUP              SET TO SUPERVISOR STATE
         L     R15,DSPSERV             INSURE 31 BIT MODE
         BSM   0,R15                   SET 31 BIT MODE
DSPSERV  DC    A(*+4+X'80000000')
*
         DSPSERV CREATE,               CREATE A DATA SPACE
               STOKEN=DSPSTOKN,        PUT STOKEN HERE
               NAME=DSPNAME,           USE THIS NAME
               ORIGIN=DSPORIGN,        PLACE ORIGIN ADDRESS HERE
               SCOPE=COMMON,           COMMON DATA SPACE
               BLOCKS=(DSPBLCKS,DSPBLCKS)  THIS MAX AND INITIAL
*
         ST    R15,RETCODE             SAVE THE RETURN CODE
         ST    R0,REASCODE             SAVE THE REASON CODE
         MODESET MODE=PROB             SET TO PROBLEM PROGRAM STATE


Alternatively, I know the DataSpace names that are being allocated from a D 
A,stcname.    Again, this is territory I don't tread into often, but is there 
an easy way to determine the storage key of them?

Thanks, Dave