In the June 20th SecureMyi Security Newsletter, Dan Riehl has a nice article about using the Use Adopted Authority system value (QUSEADPAUT) to keep programs that were compiled with adopted authority from having that authority flow down the call stack to any subprograms the adopted authority program called.
The history of the article is somewhat amusing as Dan explains how in its initial implementation, IBM deployed the concept of limiting adopted authority exactly backwards. But as time went on, IBM eventually got its QUSEADPAUT act together.
It’s a good read and valuable for limiting how far down the call stack adopted program authority can go. You can read the whole article by clicking here.
**************************************************
Follow Joe Hertvik on Twitter @JoeHertvik. You can also add Joe to your professional network on LinkedIn by clicking here.