Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Special consideration when REXX is involved z/OS Security Server RACF Diagnosis Guide GA32-0886-00 |
|
As mentioned previously, the TCB contains a bit that indicates if the current environment is trusted to open a program accessed data set (PADS) or not. This bit, the TCBNCTL, is turned on by RACF® when an unprotected and "untrusted" program is loaded into the environment. The TCB dirty bit can also be turned on by TSO/E itself. If this is the case, none of the RACF traces will catch this. If you issue TSOEXEC pgm_name, which called IRXINIT to create a REXX environment, TSO/E would mark the TCBs on the parallel side "dirty", if the job-step TCB is "dirty". If there are any stack-related commands in the REXX exec, TSO/E checks the job-step TCB and marks the parallel side dirty if the job-step dirty bit is on. Examples of stack-related commands are: PUSH, PULL, QUEUE, MAKEBUF. Even though TSOEXEC creates a "clean" parallel side in a TSOE address space, TSOE can mark the parallel side "dirty" if the REXX exec is being used and depending on what REXX is doing. |
Copyright IBM Corporation 1990, 2014
|