|
|
|
Writing appendages is a very esoteric business. If appendages could only modify I/O operations, they would be a limited risk to security. It is possible to penetrate a system through modifying I/O operations, but it is very difficult. Appendages are dangerous because they receive control in supervisor state. This lets them issue privileged instructions and to access all system memory. Appendages are threats to system security just as APF‑authorized programs are, and they must be controlled in the same way.
Normally, a program must be APF‑authorized to access user I/O appendages. APF‑authorization prevents ordinary programs from misusing an appendage to gain unauthorized access. However, it is possible to permit the use of an appendage by any program by specifying it in the IEAAPP00 member of parmlib. If the system finds a parmlib member named IEAAPP00, it builds a list of the appendages named in this member. For more information about parmlib, see the description of the z/OS system parameter library in the “System Installation Choices” chapter. The last two characters of the name of each I/O appendage in IEAAPP00 that is for general use are specified. They range from WA to Z9. You cannot assume that any appendage specified in IEAAPP00 is either inherently harmless or does enough of its own checking to keep from being subverted by a clandestine caller. You must verify this information for yourself.
| Copyright © 2009 CA. All rights reserved. | Tell Technical Publications how we can improve this information |