Enhanced Console Facility › Security Considerations

Security Considerations

Consider the following items regarding security for the ECF:

The OPSRMT and OPSCMD can potentially issue commands whose authority level checking is bypassed. When OPSRMT or OPSCMD issues a cross-system command, the OSF of the remote system using the authority levels assigned to the server address space eventually executes the command.

This same problem can arise when OPSRMT or OPSCMD is invoked to execute a TSO command on the local system. The command is ultimately executed by the OSF of the local system, and hence will be checked by your security system against the authority level of the server address space.

For this reason, you must secure the usage of the OPSRMT and OPSCMD TSO commands. This can be done in several ways:

• Read-protect the library in which the OPSRMT and OPSCMD load modules are placed.
• Use the OPUSEX exit routine to check the authority of the user when the OPSRMT or OPSCMD command is invoked. Both routines call this exit. The sample exit, as distributed, checks to make sure the caller has the TSO OPER privilege.
• Use CA ACF2, CA TopSecret, or RACF to restrict the use of OPSRMT and OPSCMD by user ID.
• Set the authority level of the server address spaces to the lowest common denominator of all users. This ensures that no user can gain more authority than he or she already has.

Note: CA OPS/MVS assigns all OSF server address spaces SUBMIT and OPER privileges by default.