HP3000-L Archives

May 2000, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Kevin Newman <[log in to unmask]>
Reply To: Kevin Newman <[log in to unmask]>
Date: Mon, 15 May 2000 08:51:07 -0600

Be careful about this one, Mark.  I could ftp as operator.sys, transfer a
jobstream over and then stream it.  You could get rather creative about what you
put into the job, as well as putting other "supporting files" in the pub area
for the job to use.  Unless you can positively lock out ftp, you have a hole you
need to worry about!

Kevin

Mark Ranft wrote:

> I do not pretend to have an answer for your SYSSTART question.  But I have a
> new direction to point you in entirely.
>
> I suggest that you do not want anyone signing on to the SYS account at all.
> No matter how careful a SYS account user is, SYS account users will create
> files and generally have the potential to mess up your system.  It also
> makes it nearly impossible to separate the HP delivered files from the ones
> accidentally left behind by people signing on to the SYS account.
>
> I suggest that the user OPERATOR.SYS has no password.  Additionally the SYS
> account has no password.  You heard me right.
> Anyone can sign on as OPERATOR.SYS.  The trick is to immediately log them
> off again.
>
> Instead consider the following logon UDC...
>
> :print udc.operator.sys
> SETUP
> OPTION LIST LOGON NOBREAK
> SETVAR HPAUTOCONT TRUE
>
> LIMIT 0,0
> DOWN 6  OPENQ 6
> SPOOLER LP;START
>
> STREAMS 10
> JOBFENCE 0
> JOBPRI CS
> JOBSECURITY LOW
> ALLOW @.@;COMMANDS=LOG,STARTSPOOL
> OUTFENCE 7
>
> STREAM JFIXMSG.JOB.A544
>
> echo Streaming job to STARTSESS (OPER.MyAcct) on LDev 20.
> STREAM JOPER.JOB.MyAcct
> BYE
> ***
>
> Most of the commands executed are ignored if not entered at the console.
> The remainder of the commands are harmless.  Even restreaming the job to do
> a STARTSESS command to LDev 20 can be redone.
>
> To go further, the next step (secret) is to have the OPER.MyAcct LOGON UDC
> attempt to ALLOCATE EDITOR.PUB.SYS.  If it is successful, we are doing an
> initial system startup and the UDC will run the rest of the system start up
> commands.
>
> Simple, elegant and easy to maintain.
>
> Mark Ranft - HP e3000 Internet Consultant
> Pro 3K
> www.Pro3K.com
> [log in to unmask]
