z/OS UNIX System Services Planning


Security implications

GA32-0884-00

Executable programs are generally categorized as coming from authorized or unauthorized libraries. Programs in authorized libraries are considered safe for anyone to run. That is, the code should be free of viruses and should uphold the integrity and security classification of the operating system.

Programs in unauthorized libraries can be further divided into system-controlled libraries, which are protected from general user modification, and libraries that are not system-controlled. Libraries that are not system-controlled are not considered safe for anyone to run. This code is generally a local version of a program that the owner has created or modified. Users with special privileges must use caution when running such programs. If a programmer with RACF® SPECIAL or authority to update APF-authorized libraries runs a program from an uncontrolled library, it is possible for the program to take advantage of the caller's authority to compromise the integrity of the system.

The BPX.DEBUG resource in the FACILITY class enables you to debug APF-authorized programs, using ptrace via dbx. For more information about BPX.DEBUG, see Setting up the UNIX-related FACILITY and SURROGAT class profiles.

There are additional considerations when combining traditional MVS™ services and z/OS UNIX.

The entire file system is considered to be an unauthorized library. You can authorize individual programs within the file system as APF-authorized by setting the APF-extended attribute. Programs that are APF-authorized behave the same as other programs that are loaded from APF-authorized libraries. If a program running in an APF-authorized address space attempts to load a program from the file system that does not have the APF-extended attribute set, the load is rejected. This applies to non-jobstep exec, local spawn, attach_exec, and DLL loads. This is consistent with the way that Contents Supervisor rejects requests to LINK, LOAD, or ATTACH unauthorized programs from an authorized environment.

In order to run a program from the file system in an APF-authorized address space, you have two choices:
  1. You can link-edit the program into an APF-authorized library and turn on the sticky bit, using the chmod command.
  2. You can use the extattr command to set the APF-authorized extended attribute of the file.

If an APF-authorized program is the first program to be executed in an address space, then you also need to set the authorization code to 1 (AC=1) when your program is link-edited. If a program is loaded into an APF-authorized address space but is not the first program to be executed, it should not have the AC=1 attribute set.
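
The following audit sketch is an added example, not part of the IBM documentation. It classifies the entries of an `ls -E` listing according to the two choices above and flags APF-authorized files that group or other can modify. The column layout of `ls -E`, the class names, and the sample listing are assumptions constructed for illustration.

```shell
# Constructed sample in the assumed `ls -E` layout: mode, extended
# attributes (a p s l), links, owner, group, size, date, name.
sample_listing() {
cat <<'EOF'
total 4
-rwxr-xr-x   a-s-  1 SYSADM   SYS1    654 Oct 02 16:30 authtool
-rwxrwxrwx   a---  1 DEVUSR   DEV      40 Oct 02 16:30 scratchapf
-rwxr-xr-t   --s-  1 SYSADM   SYS1      0 Oct 02 16:30 stickyprog
-rwxr-xr-x   --s-  1 DEVUSR   DEV     101 Oct 02 16:30 localprog
EOF
}

# Reads a listing on stdin and prints "<class> <name>" per regular file:
#   APF-WRITABLE  APF attribute set, but group or other can write the file
#   APF           APF attribute set (choice 2, extattr)
#   STICKY        sticky bit set (choice 1; the listing cannot show whether
#                 the MVS library holding the module is APF-authorized)
#   UNAUTH        neither, so a load from an APF-authorized address space
#                 is rejected
classify_listing() {
    while read -r mode ext links owner group size mon day time name; do
        case "$mode" in
            -?????????*) ;;            # regular files only
            *) continue ;;             # skips "total", directories, links
        esac
        case "$ext" in
            a???)
                case "$mode" in
                    -????w????*|-???????w?*) echo "APF-WRITABLE $name" ;;
                    *) echo "APF $name" ;;
                esac ;;
            *)
                case "$mode" in
                    -????????[tT]*) echo "STICKY $name" ;;
                    *) echo "UNAUTH $name" ;;
                esac ;;
        esac
    done
}

# Prints the names that fall in class $1, one per line.
names_in_class() {
    classify_listing | while read -r class name; do
        if [ "$class" = "$1" ]; then echo "$name"; fi
    done
}

sample_listing | classify_listing
```

On a z/OS UNIX system, the same function can read a real listing, for example `ls -E <directory> | classify_listing`; any APF-WRITABLE result is a file that should be protected from general user modification before it is trusted.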





Copyright IBM Corporation 1990, 2014