For a TSO program to get control via CALL in an authorized state, it must be in IKJTSOxx AUTHPGM, it must be linked AC(1) and come from an APF authorized library.
You can also use AUTHTSF to invoke a program via IKJEFTSR if you require more flexibility with the parameter lists (but the AC(1) and APF library rules still apply).

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Jeffrey Holst
Sent: Wednesday, November 13, 2019 2:56 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: AUTHPGM in IKJTSOxx

Does AUTHPGM require that the specified program have a non-zero AC or that it be in an APF authorized library? I ask because it appears that a very clever user may have written a program whose name matches a program in the AUTHPGM list. The program executes a macro instruction that requires APF authorization. It appears that he was able to successfully call it from TSO. If this is the case, is there a way to secure this? If this is not supposed to work this way, this would seem to be an integrity issue that is worthy of a PMR.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
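The three conditions given in the reply above (listed in IKJTSOxx AUTHPGM, linked AC(1), loaded from an APF authorized library), written as an audit check. This is an added example, not part of the original thread: the parmlib fragment, the module inventory, and the names `parse_names`, `audit`, MYTOOL, SITEPGM and OTHERPGM are constructed for illustration, and on a real system the AC values and APF status of each library would have to be collected separately.

```python
import re
from dataclasses import dataclass

# Constructed IKJTSOxx fragment (sample input, not taken from a real system).
SAMPLE_IKJTSO = """\
AUTHPGM NAMES(          /* programs CALL may run authorized */ +
   IEBCOPY              /* utility                          */ +
   MYTOOL)              /* hypothetical site program        */
AUTHTSF NAMES(          /* programs invoked via IKJEFTSR    */ +
   SITEPGM)             /* hypothetical site program        */
"""

@dataclass(frozen=True)
class Module:            # one copy of a load module (constructed inventory row)
    name: str
    library: str
    ac: int              # AC value the module was linked with
    apf_library: bool    # True if the library is APF authorized

# Constructed inventory: three copies of MYTOOL plus an unlisted program.
SAMPLE_INVENTORY = [
    Module("MYTOOL", "SYS2.LINKLIB", 1, True),
    Module("MYTOOL", "USER1.LOAD", 0, False),   # same name, private library
    Module("MYTOOL", "USER2.LOAD", 1, False),   # AC(1) but library not APF
    Module("OTHERPGM", "SYS2.LINKLIB", 1, True),
]

def parse_names(parmlib_text, statement="AUTHPGM"):
    """Return the program names listed in `<statement> NAMES(...)`."""
    text = re.sub(r"/\*.*?\*/", " ", parmlib_text, flags=re.S)   # strip comments
    text = re.sub(r"[+-][ \t]*$", " ", text, flags=re.M)         # strip continuations
    m = re.search(rf"\b{statement}\s+NAMES\s*\(([^)]*)\)", text, flags=re.I)
    return {n.upper() for n in m.group(1).split()} if m else set()

def audit(parmlib_text, inventory):
    """Map (name, library) -> unmet conditions; an empty list means all three hold."""
    authpgm = parse_names(parmlib_text)
    report = {}
    for mod in inventory:
        unmet = []
        if mod.name.upper() not in authpgm:
            unmet.append("not in AUTHPGM")
        if mod.ac != 1:
            unmet.append("not linked AC(1)")
        if not mod.apf_library:
            unmet.append("library not APF authorized")
        report[(mod.name, mod.library)] = unmet
    return report
```

Calling `audit(SAMPLE_IKJTSO, SAMPLE_INVENTORY)` reports each copy separately, so a same-named module in a private library shows up with the conditions it fails rather than being hidden behind the listed name.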