Subject: | |
From: | |
Reply To: | |
Date: | Tue, 23 May 2000 11:25:42 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Dick Cooman:
> We are implementing MasterOp as our batch scheduling system. We have MPEX
> and are in the process of requesting SECURITY/3000. Is there a way to have
> MasterOp use STREAMX instead of MPE's STREAM command when it does its
> STREAM, STREAM1, and STREAM2 commands? I expect some of our jobs will have
> STREAMX logic put in them, and it would be nice to use these jobs with
> MasterOp too. Would we be losing any MasterOp capabilities like the auto-
> REPLY entries? Any thoughts or ideas would be appreciated.
Having MasterOp use STREAMX is trivial (in MPEX, type "%SEC HELP STREAMNL"
for details -- you have several options).
Keeping system security intact is a whole other question. Consider: MasterOp
probably has to log on with SM and/or PM so that it can stream any job on the
system. If any user is permitted to submit jobs through MasterOp, it is very
simple to write a job (using STREAMX commands) that (for example) looks up
the "GOD" lockword and writes it to a file that the user can later read.
This can be done with no evidence showing in either the job's $STDLIST or
MasterOp's.
When I worked at VESOFT, I designed a solution for third party job scheduling
packages that wanted to use STREAMX safely. None of them ever implemented it.
If you have *any* program modified to use STREAMX, and the program logs on as
a user with SM/PM, anyone who can submit jobs through that program has SM/PM
(because STREAMX is much more than a parameter and password substitution
program -- it's a full scripting language (MPEX!)).
Good luck!
---
Michael D. Hensley | mailto:[log in to unmask]
Allegro Consultants Inc. | Visit scenic http://www.allegro.com
408/252-2330 | "Support Bill of Rights Enforcement"
|
|
|