The authorized program facility (APF), option 2.2, is the key security feature of the operating system under the user’s control. Programs that meet APF‑authorization requirements can issue the MODESET supervisor call (SVC) to switch themselves into supervisor state and system storage protection keys (0‑7). Programs in supervisor state are permitted to execute privileged machine instructions.
APF‑authorized programs can circumvent or disable all security mechanisms, including CA ACF2, CA Top Secret, RACF, and other access control software products, in addition to accessing all production data. Only unusual measures such as hardware controls or encryption can protect data from an APF‑authorized program.
APF‑authorized programs are also explicitly granted the power to:
Programs can optionally be linked with an AC‑CODE (control statement SETCODE AC(1)) that gives them additional job‑step authority when executed from authorized libraries.
Normally, when z/OS starts a new job step, the first program specified is the job-step program, for instance MYPROG in the following statement:
// EXEC PGM=MYPROG
The job-step program must have AC(1) (or non-0 for pre-XA systems) and come from an authorized library for the step to run authorized. Then that program and subsequent programs in that step can execute programs from authorized libraries that do not have job-step authority. These programs, too, can run authorized. At any time during program execution, an APF-authorized program can then use the MODESET SVC to gain supervisor state and load storage keys into the PSW.
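The job-step rule above, written as a small audit check over a load-module inventory (an added example, not code from CA or from the product this page documents). The library names, module names, inventory rows, and function names are constructed for illustration, and the check uses the AC(1) form of the rule rather than the pre-XA non-0 form.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    library: str   # data set the load module resides in
    name: str      # member name, as coded on EXEC PGM=
    ac: int        # value linked with SETCODE AC(n)

# Constructed sample data: an APF library list and a load-module inventory.
APF_LIBRARIES = {"SYS1.LINKLIB", "PROD.AUTHLIB"}
INVENTORY = [
    Module("PROD.AUTHLIB", "MYPROG", 1),
    Module("PROD.AUTHLIB", "SUBRTN", 0),
    Module("USER.LOADLIB", "TOOLX", 1),
    Module("USER.LOADLIB", "REPORT", 0),
]

def classify(mod, apf=APF_LIBRARIES):
    """Return the authority a module can obtain under the job-step rule."""
    in_apf = mod.library in apf
    if in_apf and mod.ac == 1:
        return "JOB-STEP"      # can start an authorized step
    if in_apf:
        return "CALLED-ONLY"   # runs authorized only inside an authorized step
    if mod.ac == 1:
        return "AC-IGNORED"    # AC(1) linked, but the library is not authorized
    return "NONE"

def step_is_authorized(programs, apf=APF_LIBRARIES):
    """programs[0] is the job-step program; the rest are executed later in the step.

    Returns (authorized, names of later programs outside authorized libraries).
    """
    if classify(programs[0], apf) != "JOB-STEP":
        return False, []
    # The rule covers later programs from authorized libraries only;
    # anything else is listed for review.
    outside = [m.name for m in programs[1:] if m.library not in apf]
    return True, outside

def audit(inventory=INVENTORY, apf=APF_LIBRARIES):
    """Group inventory entries by the authority class they fall into."""
    report = {}
    for mod in inventory:
        report.setdefault(classify(mod, apf), []).append(f"{mod.library}({mod.name})")
    return report

if __name__ == "__main__":
    for finding, members in sorted(audit().items()):
        print(f"{finding:12} {', '.join(members)}")
```

The JOB-STEP and CALLED-ONLY groups together are the set of programs that can reach MODESET, so they are the ones to review first.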
Copyright © 2009 CA. All rights reserved.