


Pete,

I have been using adopted authority to perform swaps for a few years now and
it seems to work well. It is very difficult to close all entry points to
an iSeries system. Also, many believe that only authorized program/user
combinations should be able to update some types of data (not DFU,
ad-hoc SQL, etc.). With those things in mind, the only solution is
adoption or some form of swapping. Adoption used to always work but
there are quite a few areas it doesn't cover like IFS and recursive
triggers. That leaves some form of swapping from a program that adopts.
The most efficient and least intrusive way I have found to swap is to
use the POSIX set effective group/supplemental group APIs along with the
call stack termination exit. There are a few inconsistent areas where
this won't work (debug, sbmjob w/user, ?), and some cases (registered
exits, ?) where you can't reset the swap when the program comes off the
stack but overall I think it is a good solution.

David Morris

>>> pbhall@xxxxxxxxxxxxx 7/22/2004 5:46:04 PM >>>
>This sounds pretty scary.  I've known about adopted authority since the
>early days of the AS/400, but profile switching is news to me.
>
>Am I reading this right?  Joe User can sign on with his profile, use some
>magic command, and he can become QSECOFR?  With no trace back to Joe
>User's profile?

It's not all that scary. You could potentially do that if you knew the
password, but then you could log on as qsecofr anyway. The concern, as I
see it, is that in order to swap profiles without knowing the password
(which is desirable for programmatic use), you need to have *USE authority
to the user profile. That can cause some security exposure unless it's
handled very intelligently. I really don't think profile swapping is more
dangerous than adopting authority. The issues are a little more subtle
perhaps, but not all that different. I think if you're going to be using
profile swapping, the swapped-to profile should not have more authority
than the user. It should just have one specific capability that's needed
for a particular job step. Once that part of the job is done, the original
user should be restored. If the need for profile swapping is security
related, maybe the program that does the swap needs to run with adopted
authority. Oh, what tangled webs we weave...

Pete Hall
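An added example of the swap-for-one-step pattern Pete describes, written in free-form ILE RPG; it is my code, not anything posted in this thread. The service profile SVCUSR, the file APPLIB/STAGING and the CLRPFM step are hypothetical. It uses the IBM i APIs QSYGETPH (get profile handle), QWTSETP (set profile) and QSYRLSPH (release handle), and registers CEERTX, which I take to be the call stack termination exit David mentions, so the original profile is put back even if the program is cancelled in the middle of the step. The program is compiled with USRPRF(*OWNER) so that the *USE authority to SVCUSR that *NOPWD requires comes from the adopting owner, not from the end user.

```rpgle
**free
// Added example (not from the thread): run one job step as a restricted
// service profile, then restore the caller. Hypothetical names: SVCUSR owns
// APPLIB/STAGING; the calling user has no authority to that file.
// usrprf(*owner): the program adopts its owner, who holds *USE to SVCUSR,
// so callers need no direct *USE to the profile (the exposure Pete notes).
ctl-opt dftactgrp(*no) actgrp(*caller) usrprf(*owner)
        option(*srcstmt:*nodebugio);

dcl-ds errCode qualified;
  bytesProv  int(10) inz(%size(errCode));
  bytesAvail int(10) inz(0);
  msgId      char(7);
  reserved   char(1);
  msgData    char(256);
end-ds;

dcl-pr QSYGETPH extpgm('QSYGETPH');     // Get Profile Handle
  user     char(10) const;
  password char(10) const;
  handle   char(12);
  error    likeds(errCode);
  pwdLen   int(10) const;
  ccsid    int(10) const;
end-pr;

dcl-pr QWTSETP extpgm('QWTSETP');       // Set Profile (the swap itself)
  handle char(12) const;
  error  likeds(errCode);
end-pr;

dcl-pr QSYRLSPH extpgm('QSYRLSPH');     // Release Profile Handle
  handle char(12) const;
  error  likeds(errCode);
end-pr;

dcl-pr QCMDEXC extpgm('QCMDEXC');
  cmd    char(3000) const options(*varsize);
  cmdLen packed(15:5) const;
end-pr;

// Call stack entry termination exit: runs when this program's call stack
// entry ends, normally or by cancel/escape, so the swap cannot outlive it.
dcl-pr CEERTX;
  exitProc pointer(*proc) const;
  token    pointer const options(*omit);
  feedback char(12) options(*omit);
end-pr;

dcl-pr restoreProfile; end-pr;

dcl-s origHandle char(12);
dcl-s swapHandle char(12);
dcl-s swapped    ind inz(*off);
dcl-s cmd        varchar(300);

// 1. Handle for the profile we run as now; kept only so we can swap back.
QSYGETPH('*CURRENT': '*NOPWD': origHandle: errCode: 10: 37);
if errCode.bytesAvail > 0;
  dsply ('No handle for current profile: ' + errCode.msgId);
  *inlr = *on;
  return;
endif;

// 2. Handle for the service profile. *NOPWD supplies no password, so the
//    request succeeds only because the adopted owner has *USE to SVCUSR.
QSYGETPH('SVCUSR': '*NOPWD': swapHandle: errCode: 10: 37);
if errCode.bytesAvail > 0;
  dsply ('No handle for SVCUSR: ' + errCode.msgId);
  QSYRLSPH(origHandle: errCode);
  *inlr = *on;
  return;
endif;

CEERTX(%paddr(restoreProfile): *omit: *omit);

// 3. Swap, run the single step that needs SVCUSR, swap back.
QWTSETP(swapHandle: errCode);
if errCode.bytesAvail = 0;
  swapped = *on;
  monitor;
    cmd = 'CLRPFM FILE(APPLIB/STAGING)';   // hypothetical restricted step
    QCMDEXC(cmd: %len(cmd));
  on-error;
    dsply 'Step failed; restoring profile';
  endmon;
  restoreProfile();
endif;

// 4. Handles are a per-job resource; release both.
QSYRLSPH(swapHandle: errCode);
QSYRLSPH(origHandle: errCode);
*inlr = *on;
return;

// Puts the original profile back. Called after the step, and again by
// CEERTX when the call stack entry ends; the flag makes the second call
// a no-op, so a normal end never swaps twice and a cancel still restores.
dcl-proc restoreProfile;
  dcl-pi *n; end-pi;
  if swapped;
    QWTSETP(origHandle: errCode);
    swapped = *off;
  endif;
end-proc;
```

Two checks worth making before trusting this in production: confirm that the program object really adopts (DSPPGM shows USRPRF(*OWNER)) and that SVCUSR is authorized to nothing beyond the objects that step touches, since whatever SVCUSR can do, the swapped job can do for the duration of the step.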



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work.