Here is what the article says:
"Got sensitive data? Then use fetch protection!" And then talks
about fetch protection, etc.
Then on the other side of the page:
"TIP : Do NOT use subpool 0 for anything
if possible – even in unauthorized code.
Don’t be in the bucket with the world and its wife
Hard to locate storage leaks"
A little knowledge can be dangerous with someone that does not
understand the knowledge.
Regards,
Steve Thompson
On 7/11/2024 9:10 PM, Michael Watkins wrote:
I think the actual document cautions against using key 0, not subpool 0.
But maybe I'm looking at the wrong GSE document from 2019 ('Secure Engineering:
How to develop authorized code without compromising z/OS system integrity' by
Rob Scott, Rocket Software).
-----Original Message-----
From: IBM Mainframe Assembler List <[email protected]> On Behalf
Of Seymour J Metz
Sent: Thursday, July 11, 2024 7:48 PM
To: [email protected]
Subject: Re: Subpool 0 Usage
CAUTION: This email originated from outside of the Texas Comptroller's email
system.
DO NOT click links or open attachments unless you expect them from the sender
and know the content is safe.
Well, SP0 is shared by default. Then there's that whole business of converting
SP0 to SP252.
Of course, it depends on the context. Authorized? Subtasks? Multi-user?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר
________________________________________
From: IBM Mainframe Assembler List <[email protected]> on behalf of
Janko Kalinic <[email protected]>
Sent: Thursday, July 11, 2024 3:14 PM
To: [email protected]
Subject: Subpool 0 Usage
I just read that you should NOT use Subpool 0 for anything if possible.
Thoughts?
Regards,
John K
