Michael P. Smith writes:
> If my thinking is right, no matter how A.B.C is aborted, the temporary SM
> capability would be lost and there would be no security breach. Also, the
> reason that I keep giving SM and taking SM away from A.B.C is to make the
> example simpler. In reality I would probably give SM to the process and
> only take it away if I allowed the user to execute CI commands from within
> the program (in which case if I left SM on the process the user would have a
> means of exploiting the SM capability).

Just make sure that your temporary SM program disallows :FILE equations when
you open your files. You don't want a malicious user telling your program to
open files that it isn't supposed to.
--
Mark Bixby
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support Voice: +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)