Re: JESSPOOL

Thu, 12 Mar 2020 17:31:30 -0700 

On 3/12/2020 4:24 PM, Jesse 1 Robinson wrote:

Not all shops use SAF to control SDSF. If so, this advice is fine. If still 
using native ISFPARMS, the approach will need to be different, including some 
tweaking of the SDSF user exit if used. I'm surprised that any action at all is 
necessary for a user's own jobs...




SDSF has nothing whatever to do with it. JESSPOOL provides generic, 
non-product-specific ESM access control to SPOOL data sets. SDSF is at 
best a footnote¶



In z/OS 1.9, SSI 80 and related SSIs became available to unauthorized 
callers. ANYONE!



Therefore, if you don't use JESSPOOL -- worse yet, if you have such 
checking fully disabled -- you are *highly* exposed to data breach!



This was brought up by the illustrious Tom Wasik of IBM z/OS JES2 
Development at time mark 12:00 (twelve minutes) into this video of SHARE 
Bit Bucket x'32' https://youtu.be/zXF6U1dtM3s



--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/


--------------------------------------------------------------------------------
This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN






















					Reply via email to