Carefully review any program whose name appears in the TSO Information Summary Display. It is possible to use the TSO Information Summary to pass an authorized program a “parameter” list like the one that the CALL macro generates. If the authorized program permits user exit routines (the IBM IDCAMS utility, for example), users can pass the addresses of their exit routines in the argument list and receive control in their own code in an authorized state. For this reason, IBM explicitly recommends that data centers exclude IDCAMS from APFTTABL. Check any program names other than the defaults of IEBCOPY and IKJEFF76 for function and integrity.
You can invoke most TSO commands and programs from a background TMP environment. In some cases, however, the batch TMP should not issue TSO commands. For example, the OPER command lets users enter a subset of operator commands such as CANCEL. Because it might not be advantageous for batch programs to issue operator commands, it is advisable to restrict the use of selected TSO commands (such as OPER) in the background environment. The NSCPTABL in CSECT IKJEFTNS lists the TSO commands that cannot be issued from batch programs. As with the other tables, CSECT IKJEFTNS is found in the LPA module IKJEFT02.
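The two reviews described above (APFTTABL entries and NSCPTABL coverage) can be scripted. The following is an added example, not part of the original documentation or the product. It assumes the site defines these tables through an IKJTSOxx parmlib member, with AUTHTSF supplying APFTTABL and NOTBKGND supplying NSCPTABL; the sample member and the program name PAYXTRCT are constructed.

```python
import re

# Defaults and exclusions named on the page for APFTTABL and NSCPTABL.
APFTTABL_DEFAULTS = {"IEBCOPY", "IKJEFF76"}
EXCLUDE_FROM_APFTTABL = {"IDCAMS"}
RESTRICT_IN_BACKGROUND = {"OPER"}

# Constructed sample in IKJTSOxx syntax (assumption: AUTHTSF feeds APFTTABL,
# NOTBKGND feeds NSCPTABL). PAYXTRCT is a hypothetical site program.
SAMPLE_MEMBER = """\
AUTHTSF NAMES(          /* programs authorized via TSO service facility */ +
   IEBCOPY  IKJEFF76    /* defaults */                                     +
   IDCAMS   PAYXTRCT)   /* site additions */
NOTBKGND NAMES(         /* commands not allowed in background */           +
   TERM  TERMINAL)
"""

def parse_names(member_text):
    """Return {statement: [names]} for each 'STMT NAMES(...)' in the member."""
    text = re.sub(r"/\*.*?\*/", " ", member_text, flags=re.S)  # drop comments
    text = re.sub(r"[+-][ \t]*\n", " ", text)                   # join continuations
    tables = {}
    for stmt, body in re.findall(r"\b([A-Z]+)\s+NAMES\(([^)]*)\)", text.upper()):
        names = [n for n in re.split(r"[\s,]+", body.strip()) if n]
        tables.setdefault(stmt, []).extend(names)
    return tables

def audit(member_text):
    """Return (severity, message) findings for the two table reviews."""
    tables = parse_names(member_text)
    authtsf = set(tables.get("AUTHTSF", []))
    notbkgnd = set(tables.get("NOTBKGND", []))
    findings = []
    for name in sorted(authtsf & EXCLUDE_FROM_APFTTABL):
        findings.append(("HIGH", f"{name} in APFTTABL: IBM recommends excluding it"))
    for name in sorted(authtsf - APFTTABL_DEFAULTS - EXCLUDE_FROM_APFTTABL):
        findings.append(("REVIEW", f"{name} in APFTTABL: check function and integrity"))
    for cmd in sorted(RESTRICT_IN_BACKGROUND - notbkgnd):
        findings.append(("REVIEW", f"{cmd} not in NSCPTABL: can be issued from batch"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_MEMBER):
        print(f"{sev:6} {msg}")
```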
Copyright © 2009 CA. All rights reserved.