Technical Information › System Exits › Potential Exit Exposures

Potential Exit Exposures

From an audit and security standpoint, exits are important for a number of reasons:

• Exits can make the system operate differently from the way the vendor documentation describes it.

  For example, SMF and JES2 exits can require that jobs use certain JCL parameters or can supply parameters that are missing. Some data centers have implemented support for whole new JCL statements.

• Exits can introduce exposures in the security of your system.

  Many exits receive control in supervisor state or can get it if they want to. This lets them look at or modify all system storage, even to the extent of disabling the access control software that the data center uses.

  Exits can suppress audit trails.

  The IEFU83, IEFU84, and IEFU85 exits can delete records that would otherwise be written to the SMF data sets.

  The IEECVXIT exit can delete messages that would normally be written to the operator’s log.

• Exits can change some system limits.

  The IEALIMIT exit can change the amount of main memory a job can use.

  The IEFUTL exit can keep a job from being canceled when it runs out of time.

  The IEFUSO exit can keep it from being canceled when it prints too many lines.

• Exits can control who can do what.

  The IKJEFF10 and IKJEFF53 exits can control the jobs that TSO users can submit or cancel.

  The IKJEFLD exit can control the ways TSO users can log on to the system.

  Exits have so much control over things that they are often used as control points by access control software.

• Exits can submit jobs or issue operator commands.

  For example, the IEFU29 exit can issue a command to dump SMF data sets when they get full.