IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace COBOL Compilers
Categories z/OS
Created by Guest
Created on Aug 3, 2022

RELATED IDEAS

Enterprise COBOL V5+ - Possibility to encrypt the source code present in the dwarf section

The TEST(dwarf,source) option stores the source code (not the compilation listing) in the dwarf section. Moreover, it is the source code expanded after resolution of the calls of copybooks which is stored. This is useful for debugging (tracing) or dump analysis because all the necessary informations are present in the loadmodule, and no external Listing management is needed anymore. In CI/CD logic, this greatly eases the deployment process by eliminating the need to synchronize loadmodule and debug informations. Nevertheless, we must respect a security rule which is imposed on us: not to divulge the source codes which must only be accessible to duly authorized persons. Storing the source code in the dwarf section then becomes a problem. We would like the information stored in the dwarf section, and in particular the source code, to be able to be encrypted and can only be read back in the clear with a decryption key (which should be kept outside the dwarf section and used by access mechanisms by server and not directly by a physical person, which would amount to exposing the encryption key).
Idea priority Medium
  • Admin
    Basil Kanneth
    Reply
    |     Nov 23, 2022

    This Idea is being rejected with comments from November 1st.

  • Admin
    Basil Kanneth
    Reply
    |     Nov 1, 2022

    Hi Denis, we are proposing an existing way to include the dwarf data, but just in a side file (via SYSDEBUG DD).

    To clarify:

    TEST(NOSEP,NOSOURCE) means we generate all debug sections except the captured source section.

    With a future version of IDz, we plan to support so-called source level debug. Meaning, user can debug against user source rather than the expanded source (which is stored in dwarf when TEST(SOURCE)). With source level debug, user can provide the location of user source files and/or copybooks at debug time.

    TEST(SEP,SOURCE) means we generate all debug sections including the captured source section. But the dwarf data is put in a debug side file (SYSDEBUG DD). Thus synchronization of load module and debug informations is needed.

    Instead, if we were to include some sort of encryption key for the dwarf information, that encryption key would also need to stored in a side file and kept in sync with the load modules. Also, this would affect a lot of downstream consumers of this dwarf information.

    As a result, for now, storing the dwarf info in a side file by using TEST(SEP,SOURCE) is likely the best option.



  • Guest
    Reply
    |     Oct 12, 2022

    Hi,

    I don't understand your answer...

    The request is to have dwarf information in the loadmodule to be able to debug, but that its recovery in clear is not possible without providing a decryption key.

    You are proposing not to include dwarf information...that is not my request.

  • Admin
    Basil Kanneth
    Reply
    |     Sep 28, 2022

    Hi, we have reviewed this Idea and recommend using the compiler option of TEST(NOSEP,NOSOURCE) so that the source is not included; or TEST(SEPARATE,SPURCE) so the source is copied into the SYSDEBUG file and not available in the object.

    Please let us know your thoughts. Thanks.

  • Admin
    Basil Kanneth
    Reply
    |     Sep 6, 2022

    This Idea is being investigated further and needs more time.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.