|
|
|
Because z/OS are always in control of the computer hardware, application programs that need data or other services first must communicate their needs to z/OS. Applications do this through the supervisor call (SVC) machine instruction.
SVCs are divided into two classes: primary SVCs and extended SVCs. You should review both types of SVCs.
You do not need access to any files to use this option. Current releases of CA ACF2, CA Top Secret, and RACF perform their own checking of proper authority for SVCs 131, 132, and 133. In these cases, the SVC table does not require that caller to be APF‑authorized.
The SVC Analysis option (3.7) lets you review the IBM primary SVCs, user SVCs, and extended SVC router (ESR SVCs). The following points describe some of the SVC verifications performed internally by the analysis function. If CA Auditor finds any condition that merits further review, the system presents the Review Recommendation indicator (*) with the SVC summary line.
Auditor___________________________ Location___________________ Page____of____
Approved__________________________ CPU________________________ Date__________
|
Step |
Description |
W/P Ref |
Finding |
Remarks |
|---|---|---|---|---|
|
1 |
The use of IBM primary SVCs, which perform sensitive functions, must be restricted to authorized programs only. Select the SVC Analysis display (3.7) to verify that SVCs 32, 39, 52, 76, 82, 83, 85, 107, 123, 131, 132, and 133 require APF authorization for their use. Note: SVCs 131, 132, and 133 do not require APF authorization if CA ACF2, CA Top Secret, or RACF is installed on the system. Also, SVC 82 does not require the caller to be authorized if that SVC is not active. SVC numbers 0 through 199 are reserved for IBM use. Numbers 200 through 255 are available for user‑supplied SVCs. |
|
|
|
|
2 |
ESR SVCs are more difficult to classify because IBM did not provide a standard for ESR use. Note from the display if any of the unused IBM primary SVCs are in use. You should review any IBM primary SVC that is inactive when distributed. |
|
|
|
|
3 |
Use the SVC display to prepare a work paper that documents all non‑IBM primary SVCs (those numbered 200 and above), and any exceptions noted above. Determine the purpose, use, and function of each user‑installed SVC from Technical Support documentation. An asterisk (*) appears next to any primary user SVC that does not require the caller to be APF‑authorized. This does not necessarily indicate an error condition. |
|
|
|
|
4 |
Note if any of the user SVCs that you found in the previous step perform sensitive functions. Determine from the SVC display if these user SVCs require the programs that use them to be APF‑authorized. Use great care to review any SVCs that grant authorization to programs that call them. |
|
|
|
|
5 |
z/OS architecture requires SVC types 1, 2, and 6 to be link‑edited as part of the nucleus. Use the Program Statistics Display (5.2) to analyze member IEANUC01 of SYS1.NUCLEUS. Note any evidence of superzap. If the nucleus was zapped, select the detailed display and determine if any SVC CSECTs (IGC0 or ICG1 series names) were zapped. |
|
|
|
|
6 |
Type 3 and 4 SVCs can be found in FLPA, MLPA, or LPA. Use the Fixed and Modified LPA Display (3.5) and look for SVCs (CSECT names that begin with IGC0). If any are found, split your screen and select the Link Pack Area Display (3.4) on the other half of the screen to look for duplicate modules in LPA. |
|
|
|
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |