TAA Tools

The Print Adopted Programs 2 command provides an analysis of one or
more programs in a library that adopt the owner's profile. It
performs checking of the program and sub programs to assist in
determining if the programs are written so they may not be exploited
for non-secure functions.

PRTADPPGM2 differs from the PRTADPPGM tool in that the format is
intended more for periodic reviews of an existing application rather
than system-wide checking.

PRTADPPGM2 looks for the following conditions:

     - Any CL programs that use user commands
     - Any programs that are called without a qualified library
     - Any programs that run commands using QCMDEXC
     - Any programs that are called using variable names

A typical command would be:

           PRTADPPGM2   LIB(xxx)

All programs in the library would be analyzed.

Only a user with *ALLOBJ special authority can use PRTADPPGM2.

PRTADPPGM2 analyzes up to 3 sub levels of programs that may be
called. For example, assume PGMA adopts its owner's authority and
calls a structure of programs such as:


The printed output is indented in a similar manner to provide a good
view of the program structure. Each of the sub programs is also
checked. Sub programs are also checked to determine if they have
used the CHGPGM USEADPAUT(*NO) function so that they do not adopt the
authorities that exist in the program stack.

How the tool performs checking

Checking of user commands in CL programs is done using the CHK400CMD
TAA Tool. The source of the program must exist in the same location
used to create the program for this check to occur.

Sub programs are accessed using DSPPGMREF. They do not have to be in
the same library as named on the PRTADPPGM2 command. DSPPGMREF can
produce misleading information, for example when the DSPPGM command,
or another command with a PGM parameter, names a program. DSPPGMREF
does not distinguish between this case and when you call the program.

When QCMDEXC is used, PRTADPPGM2 can only point out the fact rather
than determining the actual program that is called.

The intent of PRTADPPGM2 is not to provide a perfect solution, but to
avoid much of the tedious effort of checking to ensure that programs
are written in a secure manner. With PRTADPPGM2, you will be able to
concentrate on a smaller set of critical functions.
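
The four conditions listed earlier can be illustrated with a small
source-level scan. This is an added example, not TAA Tools code: the real
tool works from DSPPGMREF and CHK400CMD, while this sketch reads CL source
text. The command allowlist, the sample source and the names APPLIB, PGMB,
PGMC and UPDCUST are constructed, and it assumes one command per line with
no continuation.

```python
import re

# Constructed allowlist standing in for the CHK400CMD command list
# (assumption: the list shipped with the tool is far larger).
SYSTEM_CMDS = {"PGM", "ENDPGM", "DCL", "CALL", "CHGVAR", "MONMSG", "SNDPGMMSG",
               "RTVJOBA", "IF", "ELSE", "DO", "ENDDO", "GOTO", "RETURN"}

# Constructed CL source for a hypothetical adopting program.
SAMPLE = """\
PGM PARM(&NAME)
DCL VAR(&NAME) TYPE(*CHAR) LEN(10)
DCL VAR(&CMD) TYPE(*CHAR) LEN(100)
CALL PGM(APPLIB/PGMB)
CALL PGM(PGMC)
CALL PGM(&NAME)
CALL PGM(QSYS/QCMDEXC) PARM(&CMD 100)
UPDCUST CUST(&NAME)
ENDPGM
"""

CALL_RE = re.compile(r"^CALL\s+(?:PGM\()?\s*([^\s)]+)", re.I)

def scan(source):
    """Return (line_no, finding) pairs for the four conditions in the list."""
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = re.sub(r"/\*.*?\*/", "", raw).strip()              # drop comments
        line = re.sub(r"^[A-Z0-9_]+:\s*", "", line, flags=re.I)   # drop a label
        if not line:
            continue
        cmd = line.split()[0].upper().split("/")[-1]
        m = CALL_RE.match(line)
        if m is None:
            if cmd not in SYSTEM_CMDS:       # not in the list: user command
                findings.append((no, "USER_COMMAND"))
            continue
        target = m.group(1).upper()
        name = target.split("/")[-1]
        if name == "QCMDEXC":                # command string decided at run time
            findings.append((no, "QCMDEXC"))
        elif "&" in target:                  # program or library held in a variable
            findings.append((no, "VARIABLE_CALL"))
        elif "/" not in target or target.startswith("*LIBL/"):
            findings.append((no, "UNQUALIFIED_CALL"))   # resolved via library list
    return findings

if __name__ == "__main__":
    for no, finding in scan(SAMPLE):
        print(no, finding)
```

Each finding marks a place where a program running under adopted
authority lets the library list or run-time data decide what is executed.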

Command parameters                                    *CMD

   LIB           The library to be checked.

   PGM           The program to be checked. The default is *ALL. A
                 single program or a generic name may be specified.


The information is only as good as the information provided by:

  **   CHK400CMD TAA Tool. This tool is shipped with commands found
       from i5/OS and a few Program Products. Instructions with the
       tool describe how to add other commands. If a command is not
       in the list, it is flagged as a user command. There are only
       a few exception conditions that are missed.

  **   DSPPGMREF. The system command is accurate, but can produce
       some excess information such as when a PGM parameter is used
       on a command. The system creates the same output as if the
       program had been called.


The following TAA Tools must be on your system:

     CHKALLOBJ      Check *ALLOBJ authority
     CHK400CMD      Check i5/OS commands
     RTVSYSVAL3     Retrieve system value 3
     RTVPGMA        Retrieve program attributes
     SNDCOMPMSG     Send completion message
     SNDESCMSG      Send escape message
     SNDSTSMSG      Send status message


None, the tool is ready to use.

Objects used by the tool

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   PRTADPPGM2    *CMD                   TAASEDE       QATTCMD
   TAASEDEC      *PGM       CLP         TAASEDEC      QATTCL
   TAASEDEC2     *PGM       CLP         TAASEDEC2     QATTCL
   TAASEDEC3     *PGM       CLP         TAASEDEC3     QATTCL
   TAASEDEC4     *PGM       CLP         TAASEDEC4     QATTCL
   TAASEDER      *PGM       RPG         TAASEDER      QATTRPG

Added to TAA Productivity tools May 1, 1996
