Controlling APF through Access Control

As stated before, the key to controlling APF is controlling access to APF‑authorized libraries. Use the CA Auditor displays and your access control software to verify that each library is protected from unauthorized access and modification. See the System Review Checklist for specific tests you should perform for APF-authorized libraries.
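
The check described above can be scripted once the APF list and the access rules have been exported. This is an added example, not part of CA Auditor or of the original page, and it covers modification access only. The record layout, data set names, volume serials, user IDs and the approved-updater list are constructed for illustration, and the access level names follow RACF as an assumption.

```python
# Access levels in ascending order, named as in RACF (assumption: your
# access control product may use different names).
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]
WRITE = LEVELS.index("UPDATE")  # UPDATE and above allow modification

# Constructed sample data: one record per APF-authorized library, with the
# protecting profile already resolved (None = no profile covers it).
APF_LIBRARIES = [
    {"dsn": "SYS1.LINKLIB", "volser": "RES001", "profile": "SYS1.LINKLIB",
     "uacc": "READ", "permits": {"SYSPROG1": "ALTER"}},
    {"dsn": "VENDOR.AUTHLIB", "volser": "PRD002", "profile": "VENDOR.**",
     "uacc": "UPDATE", "permits": {}},
    {"dsn": "TEST.APFLOAD", "volser": "TST003", "profile": None,
     "uacc": None, "permits": {}},
    {"dsn": "PROD.AUTHLOAD", "volser": "PRD002", "profile": "PROD.AUTHLOAD",
     "uacc": "NONE", "permits": {"SYSPROG1": "ALTER", "APPDEV7": "UPDATE"}},
]
APPROVED_UPDATERS = {"SYSPROG1"}  # hypothetical change-control list


def can_modify(level):
    """True when the access level permits changing library contents."""
    return LEVELS.index(level) >= WRITE


def review(libraries, approved):
    """Return (dsn, volser, finding) tuples for libraries that are not
    protected from unauthorized modification."""
    findings = []
    for lib in libraries:
        key = (lib["dsn"], lib["volser"])
        if lib["profile"] is None:
            findings.append(key + ("no protecting profile",))
            continue
        if can_modify(lib["uacc"]):
            findings.append(key + ("default access %s allows modification" % lib["uacc"],))
        for user, level in sorted(lib["permits"].items()):
            if can_modify(level) and user not in approved:
                findings.append(key + ("%s has %s but is not approved" % (user, level),))
    return findings


if __name__ == "__main__":
    for dsn, volser, finding in review(APF_LIBRARIES, APPROVED_UPDATERS):
        print("%-16s %-6s %s" % (dsn, volser, finding))
```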

It is possible to fool z/OS into thinking that a program is APF‑authorized when in reality it is not. The z/OS program loader sets a bit in a z/OS control block (called the JSCB authorization bit) to designate an APF‑authorized program. Systems programmers can install user SVCs to set this bit, making the program appear authorized. These authorization SVCs are both popular and easy to use. An ordinary application program calls the SVC, and the program becomes APF‑authorized instantly. See Supervisor Call Analysis in the “Technical Information” chapter, and perform the checklist tests for them as a necessary part of your APF review.