Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Handling dirty address spaces z/OS UNIX System Services Planning GA32-0884-00 |
|
A dirty address space is an address space requiring daemon authority that has had an uncontrolled program loaded into it. Dirty address spaces, which are also known as dirty environments, cannot perform daemon activities. If the BPX.DAEMON resource in the FACILITY class has been defined, then programs that are loaded from MVS™ libraries are checked for program control. The checking is bypassed only if BPX.DAEMON.HFSCTL is defined and the user is permitted to it. Programs in files are controlled programs if they have the program control attribute set. If a program that is not a controlled program is loaded, the address space is marked dirty and cannot perform daemon activities. If an address space was marked dirty, you can load a controlled program but it will not be able to do any controlled functions such as setuid(). All BPX.SERVER and BPX.DAEMON privileges are revoked, including the right to check passwords and password phrases. Programs can be defined to program control in the following ways:
RACF® supports program control. Other security products might not. If you are using a security product that does not support program control, you might still have BPX.DAEMON defined. In this case, the only situation that will mark an address space dirty is a load from the file system where the program is not defined to program control. |
Copyright IBM Corporation 1990, 2014
|