The "Dirty" Bit

OMVS uses program control to prevent unauthorized programs from using security services which allow a process to change its uid.

Although ACF2 provides a mechanism to restrict access to data based on the program(s) being executed, it does not support the RACF concept of controlled libraries or Program Access to Data Support (PADS). RACF turns on the so-called "dirty" bit in the TCB (TCBNCTL) when a program is loaded which comes from outside of the controlled environment. ACF2 does not turn on this bit unless you override the PROGMCHK SAFDEF. Refer to the ACF2 Cookbook for more information.

The dirty bit may also be turned on:

Some OpenEdition services will not operate in a "dirty" environment. These are security-related services usually invoked by OMVS daemons, such as "setuid" which allows a process to change identity. The errno returned is 157(X'9D') - EMVSERR - and the reason code (errno2) returned is JRENVDIRTY (X'xxxx02AF').

The extattr command can be used to turn on the program-controlled extended attribute. The BPX.FILEATTR.PROGCTL resource is used to control who can set this attribute.

See also:

Big Iron