The Authorized Program Facility (APF) is one of the most important z/OS security facilities. If a program meets APF authorization requirements, it can enter supervisor state and storage protection key 0 (zero) by issuing the MODESET supervisor call (SVC). While in supervisor state, a program can execute restricted machine instructions. In storage protection key 0, a program can access all main storage of the computer. This means that APF-authorized programs can circumvent all standard z/OS security mechanisms and gain access to secured data.
To gain APF authorization, a program must be link-edited with an authorization code of 1. In addition to having the proper authorization code, a program must also be placed in a designated APF-authorized library.
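The two conditions above can be checked together during an audit. The following is an added example, not code from the original page or from the product it documents: it parses a constructed sample laid out like the z/OS `D PROG,APF` console display and classifies a constructed module inventory. The library names, member names and volume serials are hypothetical, and matching on data set name plus volume is an assumption about how APF list entries are keyed.

```python
"""Added example: which load modules satisfy both APF conditions."""
import re
from typing import NamedTuple

# Constructed sample laid out like the z/OS "D PROG,APF" console display.
APF_DISPLAY = """\
CSV450I 10.15.32 PROG,APF DISPLAY 123
FORMAT=DYNAMIC
ENTRY VOLUME DSNAME
   1  ZOSRES SYS1.LINKLIB
   2  ZOSRES SYS1.SVCLIB
   3  *SMS*  PROD.AUTH.LOADLIB
"""

class Module(NamedTuple):
    dsname: str   # library the module resides in
    volume: str   # volume serial, or "*SMS*" for an SMS-managed library
    member: str
    ac: int       # authorization code set at link-edit time

# Constructed inventory (hypothetical library and member names).
MODULES = [
    Module("SYS1.LINKLIB", "ZOSRES", "IEFBR14", 0),
    Module("PROD.AUTH.LOADLIB", "*SMS*", "SECTOOL", 1),
    Module("USER.TEST.LOAD", "WORK01", "MYPGM", 1),
    Module("SYS1.LINKLIB", "WORK01", "COPYPGM", 1),  # same name, other volume
]

ENTRY = re.compile(r"^\s*\d+\s+(\S{1,6})\s+(\S+)\s*$")

def parse_apf_list(display: str) -> set:
    """Return {(dsname, volume)} for every numbered entry row."""
    entries = set()
    for line in display.splitlines():
        m = ENTRY.match(line)
        if m:  # header lines do not start with an entry number
            entries.add((m.group(2).upper(), m.group(1).upper()))
    return entries

def classify(modules, apf):
    """Split modules by whether both APF conditions hold."""
    report = {"authorized": [], "ac1_outside_apf": [], "apf_lib_ac0": []}
    for mod in modules:
        # Assumption: an APF entry matches on data set name AND volume.
        in_apf = (mod.dsname.upper(), mod.volume.upper()) in apf
        if mod.ac == 1 and in_apf:
            report["authorized"].append(mod.member)
        elif mod.ac == 1:
            report["ac1_outside_apf"].append(mod.member)
        elif in_apf:
            report["apf_lib_ac0"].append(mod.member)
    return report
```

Modules reported under `ac1_outside_apf` are worth tracking in a review, because adding their library to the APF list would make them authorized without any relink.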
APF is also used for other special authorization purposes, such as updating a volume table of contents (VTOC), using APF-protected SVCs, and using certain special powers granted by the z/OS program properties table (PPT).
Copyright © 2009 CA. All rights reserved.