Security audit is requesting we change this from 1 (share) to 0 (cannot share).
Has anyone dealt with this, notice any performance hits when setting to 0.
The Share Memory Control (QSHRMEMCTL) system value defines which users are allowed to use shared memory or mapped memory that has write capability.
Your environment may contain applications, each running different jobs, but sharing pointers within these applications. Using these APIs provides for better application performance and streamlines the application development by allowing shared memory and stream files among these different applications and jobs. However, use of these APIs might potentially pose a risk to your system and assets. A programmer can have write access and can add, change, and delete entries in the shared memory or stream file.
To change this system value, users must have *ALLOBJ and *SECADM special authorities. A change to this system value takes effect immediately.
Note: This system value is a restricted value. See Security system values<http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/rzarlsysval.htm#rzarlsysval> for details on how to restrict changes to security system values and a complete list of the restricted system values.
Table 1. Possible values for the QSHRMEMCTL system value:

0

Users cannot use shared memory, or use mapped memory that has write capability.
This value means that users cannot use shared-memory APIs (for example, shmat() - Shared Memory Attach API), and cannot use mapped memory objects that have write capability (for example, mmap() - Memory Map a File API provides this function).
Use this value in environments with higher security requirements.

1

Users can use shared memory or mapped memory that has write capability.
This value means that users can use shared-memory APIs (for example, shmat() - Shared Memory Attach API), and can use mapped memory objects that have write capability (for example, mmap() - Memory Map a File API provides this function).



Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx<mailto:psteinmetz@xxxxxxxxxx>
http://www.pencor.com/





Return to Archive home page | Return to MIDRANGE.COM home page