When the BPX.DAEMON and BPX.SERVER facilities are active, processing authorized functions, such as SETUID, requires that programs or executables be loaded from an authorized library. In an CA Top Secret environment, these authorized data sets are any library in the LPA list, the APF list, or LINKLIST. If a program is loaded from the HFS or an MVS data set not on the approved lists, the TCBNCTL flag, referred to as the “dirty bit,” is set. This results in authorized functions failing if attempted in the “dirty” environment.
When an executable or program is requested in an OMVS environment, OMVS finds the executable in the HFS and loads from there unless the program controlled extended attribute, or “sticky bit,” is set. If this sticky bit is set on the executable file, OMVS uses normal MVS load processing. To avoid the dirty bit being set the executables in the HFS set the sticky bit on using the chmod command.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|