Both the LE CAA and the COBOL working storage reside in dynamically acquired storage; it doesn't matter whether that's GETMAIN or STORAGE OBTAIN.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Assembler List <[email protected]> on behalf of Farley, Peter x23353 <[email protected]> Sent: Monday, November 16, 2020 4:45 PM To: [email protected] Subject: Re: security with storage allocation under z.OS It is not necessary to getmain storage in which to run a dynamically created program. I wrote a simple subroutine to retrieve the LE CAA address from R12 that can be stored in a COBOL WORKING-STORAGE area and executed very easily. Sample code below. You could copy this simple subroutine into any dynamically acquired storage you wish and execute it from there as well. There are times I wish that Ent. COBOL had an inline assembler option like the MetalC compiler does, not that I ever expect it to happen. Too small a business case for an RFE. I’ll bet someone could cobble something like a workable “inline ASM” using a COBOL-oriented macro processor like MetaCOBOL (does anyone still have that around?), or you could brute-force it with an awk or gawk script or even a rexx/perl/lua script. Trickier and more error prone, but possible. Peter GETCAA code in WORKING-STORAGE, pointers to use it, and sample PROCEDURE division code to invoke it: . . . . . 01 WS-GETCAA-PROGRAM. * GET ARGUMENT ADDRESS L 15,0(,1) 05 FILLER PIC X(04) VALUE X'58F01000'. * STORE A(CAA) INTO ARGUMENT ST 12,0(,15) 05 FILLER PIC X(04) VALUE X'50C0F000'. * SET RETURN-CODE = 0 XR 15,15 05 FILLER PIC X(02) VALUE X'17FF'. * RETURN TO CALLER BR 14 05 FILLER PIC X(02) VALUE X'07FE'. 01 WS-CAA-PTR. 05 COBCAA-ADDR PROCEDURE-POINTER. 05 FILLER REDEFINES COBCAA-ADDR. 10 COBCAA-ADDR1 POINTER. 10 COBCAA-ADDR2 POINTER. 01 GETCAA-ADDR1 POINTER. . . . . . PROCEDURE DIVISION. . . . . . * GET CAA ADDRESS VIA EMBEDDED ASSEMBLER CODE SET GETCAA-ADDR1 TO ADDRESS OF WS-GETCAA-PROGRAM SET COBCAA-ADDR TO GETCAA-ADDR1 CALL COBCAA-ADDR USING GETCAA-ADDR1 -----Original Message----- From: IBM Mainframe Assembler List <[email protected]> On Behalf Of Ze'ev Atlas Sent: Monday, November 16, 2020 12:25 PM To: [email protected] Subject: security with storage allocation under z.OS Hi allIn the 1970's I probably could have done some getmain, write some code into that obtained memory and jump to that code. I assume that nowadays, this would be impossible and there is some security model to prevent such a security breach.Do you know where can I find information on the mainframe security model under z/OS. Ze'ev Atlas -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
