|
|
| Author |
Message |
Bill Dennis
Active User
Joined: 17 Aug 2007
Posts: 242
Location: Iowa, USA
|
|
|
|
| It's more than the APF load library. The module needs the "authorized" flag turned on. Re-link with AC=1 added to the LKED PARM. |
|
| Back to top |
|
 |
References
|
 Posted: Wed Jun 18, 2008 11:01 pm Post subject: Re: |
|
|
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
I am not getting your point clearly.
can please explain the steps of using the above mentioned process. |
|
| Back to top |
|
|
dick scherrer
Global Moderator
Joined: 23 Nov 2006
Posts: 7453
Location: 221 B Baker St
|
|
|
|
Hello,
Please talk with your system programmer(s) or other technical support people.
Most organizations do not permit developers to create "authorized" modules. If you do not understand what apf-authorized is about, you can ask this of the same people. |
|
| Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
hello,
I already added that pds in to APF library.
Dont bother about security issues.
That pds is having program modulle.
Now i am sending a message to syslog but is having '+' sign.
ex:
+TEST01I EXAMPLE
Before adding this module in to APF also i was getting same result. |
|
| Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
@ dick scherrer
I suppose, without knowing APF authorized I could not add this pds to the library. |
|
| Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
This is what i could not understand.
| Quote: |
| Re-link with AC=1 added to the LKED PARM |
|
|
| Back to top |
|
|
enrico-sorichetti
Global Moderator
Joined: 14 Mar 2007
Posts: 2565
Location: italy
|
|
|
|
| Quote: |
| Dont bother about security issues. |
It would be wise on your side to understand what APF(*) means,
and what are the security exposure related to it
the security issues are not related to datset access,
but to the damages which can be done by improper use/erroneous coding
of an APF program
for example an APF program might overwrite crucial system areas
(*) APF - Authorized Program Facility |
|
| Back to top |
|
|
UmeySan
Senior Member
Joined: 22 Aug 2006
Posts: 624
Location: Germany
|
|
|
|
Morning Lady's !
I suppose, without beeing authorized,Thiru Chandira Moorthi could not have added the module to the APF-Lib. Otherwise we have to put a question mark over the whole company he's working for. Then, would be nice to work over there :-)
Also looking at his other posts, it seams, that he is working in the authorized Group, to do the things he does.
So why beating around the bush! I think, Bill Dennis got to the point!!!
So, Mr. Thiru Chandira Moorthi, what is what you do not understand???
Just for disambiguation, and for all the other poor creatures out there in the universe, who don't know about what we are talking, when we're discussing this APF and behave like mystery-mongers, and because of having enough time here and getting well paid for distributing my spiritually wisdoms instead of working hard on the projekt:
APF is used to allow the installation to identify system or user programs that can use sensitive system functions. To maintain system security and integrity, a program must be authorized by the APF before it can access restricted functions, such as supervisor calls (SVC) or SVC paths. APF helps to avoid integrity exposures; the installation identifies which libraries contain special functions or programs. These libraries are then called APF libraries.
An authorized program can do virtually anything that it wants. It is essentially an extension of the operating system. It can put itself into supervisor state or a system key. It can modify system control blocks. It can execute privileged instructions (while in supervisor state). It can turn off logging to cover its tracks. Clearly, this authorization must be given out sparingly and monitored carefully.
APF programms have following characteristics:
they runs in supervisor state, bit 15 of the PSW is zero
run with PSW key 0 to 7, bits 8 through 11 of the PSW contain a value in the range 0 to 7
By the way, other outstanding definitions for APF are:
APF Atomic Packing Factor (fraction unit cell occupied by atoms)
APF American Philatelic Foundation (Los Angeles, California)
APF Auxiliary Particle Filter
And last but not least:
APF Air Procedures Flight, Ramstein Air Base Germany
...had been there working for the nato years ago
Oh good, I love that job. I Think, i have to thank you ervery day for having the chance and personal liberty to what i do. There are only a chosen few out there, getting princely paid for all this feeblemindedness.
Sorry, sometimes my gift for writing poetry just to gains the mastery.
Have a nice day, |
|
| Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
Hello all,
I am having access to give SETPROG command.
I have a authorised ID.
I just want to conform whether we can remove '+' sign or not.
If we can, I want to know the process.
| Quote: |
Re-link with AC=1 added to the LKED PARM
I am not clear about where to give this AC and also just adding the module of the program to APF, it is not giving the desired output. |
|
|
| Back to top |
|
|
Bill Dennis
Active User
Joined: 17 Aug 2007
Posts: 242
Location: Iowa, USA
|
|
|
|
thiru,
not all programs in an APF library are authorized. they are only eligible to get authorized.
the program you are executing was assembled/compiled and link edited prior to execution. find this job and examine the link edit step for the PARM options. rerun the job adding the additional parm value and check the step output for a message indicating the module is now APF authorized. |
|
| Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007
Posts: 29
Location: chennai
|
|
|
|
Thanks BILL, Excellent.
Now i can catch your point clearly.
Thanks to everyone who helped me in this. |
|
| Back to top |
|
|
|
|
