Is Intertest CICS Compatible with the z/OS Address space layout randomization (ASLR) feature?

Article ID: 212136

Products

CA InterTest - CICS

Issue/Introduction

We are planning to implement a feature in z/OS called Address Space Layout Randomization (ASLR). 

Address space layout randomization (ASLR) is a technique that is used to increase the difficulty of
performing a buffer overflow attack that requires the attacker to know the location of an executable in
memory. A buffer overflow vulnerability is a flaw in software written in a memory-unsafe programming
language, such as C. Such a flaw is characterized by a failure of an application to validate the size of user
input data that is written to memory. An application can remedy this flaw by checking the length of the
user input data and throwing an exception or issuing an error message if the actual length does not match
the expected length.

z/OS provides options to enable ASLR for 24-bit and 31-bit low private storage as well as for 64-bit
private storage. When enabled, the feature affects all storage allocations in the specified storage ranges
(not just executables). Common storage, 24- and 31-bit high private storage (including LSQA), high virtual
shared, the high virtual local system area and the 2G-64G area are unaffected.

Could you please confirm that CA Intertest for CICS is compatible with ASLR and there are no outstanding fixes required?

Environment

z/OS

CICS

Resolution

Turning on the z/OS ASLR feature in your environment will NOT cause any problems with Intertest CICS. We also have no reported problems or fixes required by Intertest CICS at this time.