Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories Runtime
Created by Guest
Created on Sep 24, 2012

CMDPROT for calls to External Resource Managers such as MQ and DB2.

Even with Storage Protection active in CICS, it is possible for a USERKEY application program to cause CICSKEY storage to be overlayed. This can happen if the USERKEY program specifies the address of CICSKEY storage as one of the output parameters on an External Resource Manager call such as an MQ API call or an SQL call. In affect, the USERKEY program hires the External Resource Manager (which runs in CICSKEY) to alter storage that the USERKEY program couldn't directly alter.
.
There used to be a similar problem in CICS with EXEC CICS commands. That problem is solved by setting SIT parameter CMDPROT to YES. This activates checking by CICS, on every EXEC CICS command, to make sure that the application can alter the storage pointed to by the addresses passed in for any output parameters on the EXEC CICS command. With this checking activated, a USERKEY application can not tell CICS to write to an area that the USERKEY application can not write to directly.
.
There needs to be something similar to CMDPROT for calls to External Resource Managers. If it is not possible to extend this checking to calls to all resource managers, it needs to be provided for calls to MQ and DB2 and TCPIP and IMS.

Idea priority High
  • Guest
    Reply
    |
    Oct 5, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - Transaction Processing
    Product - CICS Transaction Server

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - CICS Transaction Server

  • Guest
    Reply
    |
    Oct 25, 2012

    From a legal point of view it would not be possible to provide such functionality for just MQ, DB2, TCPIP and IMS and not for other users of the RMI.
    Such functionality requires the TRUE to have knowledge of the specifics of the API which is not always the case, eg DB2 TRUE.
    We have no plans to provide such functionality.