Restoring programs

Restoring programs to your system that are obtained from an unknown source poses a security exposure. This topic provides information about the factors that should be taken into consideration when restoring programs.

Programs might perform operations that break your security requirements. Of particular concern are programs that contain restricted instructions, programs that adopt their owner authority, and programs that have been tampered with. This includes object types *PGM, *SRVPGM, *MODULE, and *CRQD. You can use the QVFYOBJRST, QFRCCVNRST, and QALWOBJRST system values to prevent these object types from being restored to your system.

The system uses a validation value to help protect programs. This value is stored with a program and recalculated when the program is restored. The system's actions are determined by the ALWOBJDIF parameter on the restore command and the Force conversion on restore (QFRCCVNRST) system value.

Note: Programs contain information that allows the program to be re-created at restore time if necessary. The information needed to re-create the program remains with the program even when the observability of the program is removed. If a program validation error is determined to exist at the time the program is restored, the program will be re-created in order to correct the program validation error.

Programs converted at restore time can be mitigated for Spectre and Meltdown vulnerabilities, if desired. For more information see Mitigating Spectre and Meltdown vulnerabilities in new and existing programs in the Planning and setting up system security topic.

Restoring programs that adopt the owner’s authority:

When a program that adopts owner authority is restored, the ownership and authority to the program might be changed. The following applies:
  • The user profile doing the restore operation must either own the program or have *ALLOBJ and *SECADM special authorities.
  • The user profile doing the restore operation can receive the authority to restore the program by
    • Being the program owner.
    • Being a member of the group profile that owns the program (unless you have private authority to the program).
    • Having *ALLOBJ and *SECADM special authority.
    • Being a member of a group profile that has *ALLOBJ and *SECADM special authority.
    • Running under adopted authority that meets one of the tests just listed.
  • If the restoring profile does not have adequate authority, all public and private authorities to the program are revoked, and the public authority is changed to *EXCLUDE.
  • If the owner of the program does not exist on the system, ownership is given to the QDFTOWN user profile. Public authority is changed to *EXCLUDE and the authorization list is removed.