View previous topic :: View next topic
|
Author |
Message |
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
This is what i could not understand.
Quote: |
Re-link with AC=1 added to the LKED PARM |
|
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10872 Location: italy
|
|
|
|
Quote: |
Dont bother about security issues. |
It would be wise on your side to understand what APF(*) means,
and what are the security exposure related to it
the security issues are not related to datset access,
but to the damages which can be done by improper use/erroneous coding
of an APF program
for example an APF program might overwrite crucial system areas
(*) APF - Authorized Program Facility |
|
Back to top |
|
|
UmeySan
Active Member
Joined: 22 Aug 2006 Posts: 771 Location: Germany
|
|
|
|
Morning Lady's !
I suppose, without beeing authorized,Thiru Chandira Moorthi could not have added the module to the APF-Lib. Otherwise we have to put a question mark over the whole company he's working for. Then, would be nice to work over there :-)
Also looking at his other posts, it seams, that he is working in the authorized Group, to do the things he does.
So why beating around the bush! I think, Bill Dennis got to the point!!!
So, Mr. Thiru Chandira Moorthi, what is what you do not understand???
Just for disambiguation, and for all the other poor creatures out there in the universe, who don't know about what we are talking, when we're discussing this APF and behave like mystery-mongers, and because of having enough time here and getting well paid for distributing my spiritually wisdoms instead of working hard on the projekt:
APF is used to allow the installation to identify system or user programs that can use sensitive system functions. To maintain system security and integrity, a program must be authorized by the APF before it can access restricted functions, such as supervisor calls (SVC) or SVC paths. APF helps to avoid integrity exposures; the installation identifies which libraries contain special functions or programs. These libraries are then called APF libraries.
An authorized program can do virtually anything that it wants. It is essentially an extension of the operating system. It can put itself into supervisor state or a system key. It can modify system control blocks. It can execute privileged instructions (while in supervisor state). It can turn off logging to cover its tracks. Clearly, this authorization must be given out sparingly and monitored carefully.
APF programms have following characteristics:
they runs in supervisor state, bit 15 of the PSW is zero
run with PSW key 0 to 7, bits 8 through 11 of the PSW contain a value in the range 0 to 7
By the way, other outstanding definitions for APF are:
APF Atomic Packing Factor (fraction unit cell occupied by atoms)
APF American Philatelic Foundation (Los Angeles, California)
APF Auxiliary Particle Filter
And last but not least:
APF Air Procedures Flight, Ramstein Air Base Germany
...had been there working for the nato years ago
Oh good, I love that job. I Think, i have to thank you ervery day for having the chance and personal liberty to what i do. There are only a chosen few out there, getting princely paid for all this feeblemindedness.
Sorry, sometimes my gift for writing poetry just to gains the mastery.
Have a nice day, |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
Hello all,
I am having access to give SETPROG command.
I have a authorised ID.
I just want to conform whether we can remove '+' sign or not.
If we can, I want to know the process.
Quote: |
Re-link with AC=1 added to the LKED PARM
I am not clear about where to give this AC and also just adding the module of the program to APF, it is not giving the desired output. |
|
|
Back to top |
|
|
Bill Dennis
Active Member
Joined: 17 Aug 2007 Posts: 562 Location: Iowa, USA
|
|
|
|
thiru,
not all programs in an APF library are authorized. they are only eligible to get authorized.
the program you are executing was assembled/compiled and link edited prior to execution. find this job and examine the link edit step for the PARM options. rerun the job adding the additional parm value and check the step output for a message indicating the module is now APF authorized. |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
Thanks BILL, Excellent.
Now i can catch your point clearly.
Thanks to everyone who helped me in this. |
|
Back to top |
|
|
|