|
- Callers (including z/OS UNIX) can use the
IRRENS00 service after checking that RCVTENVS='1'B. The address for
IRRENS00 is obtained from RCVTENVP.
- To ensure that a message is saved, the mark-uncontrolled function
of IRRENS00 should be used rather than setting TCBNCTL directly.
- Only IRRENS00 sets, checks, or resets the keep-controlled indicators.
Resetting can occur when the reset function is requested, or at other
times if IRRENS00 determines that the environment no longer needs
to be kept controlled. For example, during a mark-uncontrolled request
IRRENS00 might find RACF's keep-controlled indicator set, but find
no open program-accessed data sets and no execute-controlled modules
present. In this case, it turns off RACF's keep-controlled indicator,
and if the z/OS UNIX indicator
is off, it honors the request.
- The z/OS® UNIX mark-uncontrolled
indicator is kept internally by the security product, and is set in
addition to TCBNCTL. Defining BPX.DAEMON.HFSCTL in the FACILITY class
requests that z/OS UNIX enforce
file system control only. This option is appropriate when the loading
of uncontrolled files must be restricted to protect against changes
made by superusers, but the loading of uncontrolled programs from MVS™ libraries does not introduce
any security concerns.
With file system control in effect, z/OS UNIX passes the z/OS UNIX mark-uncontrolled
indicator to IRRENS00 when an uncontrolled file is loaded from the
file system. The message passed with the first z/OS UNIX mark-uncontrolled request is
always saved.
With file system control in effect, z/OS UNIX passes the
check z/OS UNIX mark-uncontrolled
indicator to IRRENS00 on a keep-controlled request indicating that
the request to keep-controlled should only fail if z/OS UNIX marked the environment uncontrolled.
The z/OS UNIX mark-uncontrolled
indicator is reset when the messages saved for previous mark-uncontrolled
requests are cleared by the reset function.
|