Re: zSecure Audit Concern with EJES SVC

From: pinncons@xxxxxxxxxxxxxxxx (Pinnacle)
Date: 22 Jan 2009 07:22:18 -0800

----- Original Message ----- From: "Ulrich Boche" <ulrich.boche@xxxxxx>
Newsgroups: bit.listserv.ibm-main
Sent: Wednesday, January 21, 2009 4:10 PM
Subject: zSecure Audit Concern with EJES SVC

Recently, I ran a zSecure Audit MVS Tables status scan and one of its findings was the following:

Instruction scan hit, Updated using SVCUPDTE, Installation-defined SVCno, Caller may be unauthorized
Pri SVC ES# APF Function Appl U Sf Last update From Where
24 255 No 1 A1 0009D1B0 PVT
Index Address Where Key SP ScanIns Length AM Entry at Same addr as Eye catchers
CN 04FE1DB8 EPLPA M 584 31 EJESSVC .EJESSVC ..092720071430LICENSED MATERIAL, PROPERTY OF PHOENIX SOFTWARE INTERNATIONAL -- COPYRIGHT (C) 1990-2007..kx4..
O 0192EBA4 ENUC RO 2389 31 IGCERROR in IEANUC01 SVC 38 .. 0o..
I 00E240E8 PLPA 8 24 IGC0025E ..0414
Index Typ APF ESR Att Locks
Current 3/4 No No
Old 2 No No
Expect ??? ???
Instruction/Str/SVC scan results
ModeSupRB No

It looks like zSecure is all hot and bothered about the fact that the SVC was installed with SVCUPDTE, and that the caller may be unauthorized (never mind that the program that ran the SVCUPDTE had to be APF-authorized). If that's the case, this is a brain-dead exception. EJES is perfectly safe, people.

Regards,
Tom Conley

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
.

References:
- zSecure Audit Concern with EJES SVC
  - From: Ulrich Boche

Prev by Date: Re: Rename OMVS files
Next by Date: Re: zSecure Audit Concern with EJES SVC
Previous by thread: Re: zSecure Audit Concern with EJES SVC
Next by thread: Re: zSecure Audit Concern with EJES SVC
Index(es):
- Date
- Thread

Relevant Pages

Re: SVC Update Utility
... CBT web site shows this for #183: ... SVCUPDTE in file 183 should do nicely I have used it before. ... Subject: SVC Update Utility ... Search the archives at http://bama.ua.edu/archives/ibm-main.html ...
(bit.listserv.ibm-main)
Re: What is System Completion Code FD6?
... Call (SVC) instruction. ... the operand of the SVC instruction in hexadecimal. ... For IBM-MAIN subscribe / signoff / archive access instructions, ... send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO ...
(bit.listserv.ibm-main)
RE: COND CODE 3592
... directly at an SVC 3 instruction. ... XCTL, or any of the mechanisms for scheduling IRBs, or any type 2-4 SVC ... If you want to know your TCB is a job step TCB, ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
(bit.listserv.ibm-main)
Re: System completion code FCD
... Fnn ... Supervisor Call (SVC) instruction. ... completion code X'F0D' means that the error occurred while the system ...
(bit.listserv.ibm-main)
zSecure Audit Concern with EJES SVC
... I ran a zSecure Audit MVS Tables status scan and one of its findings was the following: ... Instruction scan hit, Updated using SVCUPDTE, Installation-defined SVCno, Caller may be unauthorized ... My question now is, and maybe Ed Jaffe can take a look at that, what is this SVC doing that it gets such bad press from zSecure? ...
(bit.listserv.ibm-main)