From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Tuesday, January 07, 2014 10:13 AM
To: 'Midrange Systems Technical Discussion'
Subject: System value - Share Memory Control (QSHRMEMCTL)
Security audit is requesting we change this from 1 (share) to 0 (cannot share).
Has anyone dealt with this, notice any performance hits when setting to 0.
The Share Memory Control (QSHRMEMCTL) system value defines which
users are allowed to use shared memory or mapped memory that has write
Your environment may contain applications, each running different jobs, but
sharing pointers within these applications. Using these APIs provides for
better application performance and streamlines the application development
by allowing shared memory and stream files among these different
applications and jobs. However, use of these APIs might potentially pose a
risk to your system and assets. A programmer can have write access and can
add, change, and delete entries in the shared memory or stream file.
To change this system value, users must have *ALLOBJ and *SECADM special
authorities. A change to this system value takes effect immediately.
Note: This system value is a restricted value. See Security system
sval.htm#rzarlsysval> for details on how to restrict changes to security
system values and a complete list of the restricted system values.
Table 1. Possible values for the QSHRMEMCTL system value:
Users cannot use shared memory, or use mapped memory that has write
This value means that users cannot use shared-memory APIs (for example,
shmat() - Shared Memory Attach API), and cannot use mapped memory
objects that have write capability (for example, mmap() - Memory Map a File
API provides this function).
Use this value in environments with higher security requirements.
Users can use shared memory or mapped memory that has write capability.
This value means that users can use shared-memory APIs (for example,
shmat() - Shared Memory Attach API), and can use mapped memory objects
that have write capability (for example, mmap() - Memory Map a File API
provides this function).
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact