HP3000-L Archives

May 2000, Week 4

HP3000-L@RAVEN.UTC.EDU

From: Carl Kemp <[log in to unmask]>
Date: Tue, 23 May 2000 13:56:17 -0500

Well, for that, I'd use MasterOp's INPUTKEY and OUTPUTKEY features. It lets
you lock down who can stream what jobs. As long as the user doesn't have
write access to the job files, that should be relatively safe.

-----Original Message-----
From: Michael D. Hensley [mailto:[log in to unmask]]
Sent: Tuesday, May 23, 2000 1:26 PM
To: [log in to unmask]; [log in to unmask]
Subject: MasterOp and STREAMX


Dick Cooman:

> We are implementing MasterOp as our batch scheduling system.  We have MPEX
> and are in the process of requesting SECURITY/3000.  Is there a way to have
> MasterOp use STREAMX instead of MPE's STREAM command when it does its
> STREAM, STREAM1, and STREAM2 commands?  I expect some of our jobs will have
> STREAMX logic put in them, and it would be nice to use these jobs with
> MasterOp too.  Would we be losing any MasterOp capabilities like the
> auto-REPLY entries?  Any thoughts or ideas would be appreciated.

Having MasterOp use STREAMX is trivial (in MPEX, type "%SEC HELP STREAMNL"
for details -- you have several options).

Keeping system security intact is a whole other question.  Consider: MasterOp
probably has to log on with SM and/or PM so that it can stream any job on the
system.  If any user is permitted to submit jobs through MasterOp, it is very
simple to write a job (using STREAMX commands) that (for example) looks up
the "GOD" lockword and writes it to a file that the user can later read.
This can be done with no evidence showing in either the job's $STDLIST or
MasterOp's.

When I worked at VESOFT, I designed a solution for third party job scheduling
packages that wanted to use STREAMX safely.  None of them ever implemented it.

If you have *any* program modified to use STREAMX, and the program logs on as
a user with SM/PM, anyone who can submit jobs through that program has SM/PM
(because STREAMX is much more than a parameter and password substitution
program -- it's a full scripting language (MPEX!)).

Good luck!

---
Michael D. Hensley       | mailto:[log in to unmask]
Allegro Consultants Inc. | Visit scenic http://www.allegro.com
408/252-2330             | "Support Bill of Rights Enforcement"
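
The two conditions raised in this thread (restrict who may stream which jobs, and make sure the submitter cannot write to the job file) can be checked before a privileged scheduler runs anything. The sketch below is an added example, not MasterOp, MPEX or SECURITY/3000 code: it generalizes the idea to POSIX mode bits, and the function names, the user name `user1` and the job file are hypothetical and constructed.

```python
import os
import stat
import tempfile

def writable_by(path, uid, gids):
    """True if the mode bits on path grant write to uid/gids (ACLs not considered)."""
    st = os.stat(path)
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def may_stream(job_path, user, allowlist, uid, gids):
    """Decide whether the privileged scheduler may run job_path on behalf of user."""
    real = os.path.realpath(job_path)          # resolve symlinks before comparing
    if real not in allowlist.get(user, set()):
        return False, "job not authorized for this user"
    # A writable parent directory lets the submitter swap the file, so check both.
    for target in (real, os.path.dirname(real)):
        if writable_by(target, uid, gids):
            return False, f"{target} is writable by submitter"
    return True, "ok"

def demo():
    """Constructed scenario: scheduler-owned job file, submitter is another uid."""
    d = os.path.realpath(tempfile.mkdtemp())
    job = os.path.join(d, "nightly.job")
    with open(job, "w") as f:
        f.write("constructed sample job\n")
    os.chmod(d, 0o755)
    os.chmod(job, 0o644)
    submitter = os.stat(job).st_uid + 1        # any uid other than the owner
    allow = {"user1": {job}}                   # hypothetical per-user allowlist
    results = [may_stream(job, "user1", allow, submitter, set())]
    os.chmod(job, 0o666)                       # job file becomes world-writable
    results.append(may_stream(job, "user1", allow, submitter, set()))
    results.append(may_stream(job, "user2", allow, submitter, set()))
    return results

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```
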
