LISTSERV - HP3000-L Archives

HP3000-L Archives

December 2000, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L December 2000, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: improved abortjob (was PX2LXD4(A))
From:	Ted Ashton <[log in to unmask]>
Reply To:	Ted Ashton <[log in to unmask]>
Date:	Fri, 8 Dec 2000 14:30:44 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (40 lines)

Thus it was written in the epistle of Stigers, Greg [And],
> Ted, are you suggesting that an ABORTJOB UDC could look up, say,
> jinetd,manager.sys, and find that the command to end it is to run inetd -k
> or stream a job containing this? Or for homegrown apps, it might find that
> someutil,job.app requires it to stream killutil,job.app? How would one
> handle the security considerations for allowing this shutdown job to stream
> whatever other job streams? And then, the lookup file would have to be
> secured, so that a wily hacker could not add an interesting entry, to have
> abortjob stream an arbitrary job (which the other security * ought * to be
> able to prevent). Could something like this work with the patchwork of
> third-party job managers, MasterOp, SEC / 3000, SAFE / 3000, Security
> Monitor, nothing, and home grown hacks?

Greg,
  I don't think it's that complicated.  I don't want ABORTJOB to do anything
you couldn't do before.  This is not an suid something-or-other (to use the
official Un*x terminology ;-).  I was just recommending that ABORTJOB look in a
publicly readable file and do what it says to do there.  If you ain't allowed
to do whatever it is you're trying to do, I expect MPE to catch you and
administer appropriate discipline.
  In fact, I'd recommend *not* calling this new thing ABORTJOB at all.  I'd
call it JOBSTOP or some such and have it do what it is configured to do (e.g.
run inted -k for JINETD as you said) and if it doesn't know what to do, issue
an ABORTJOB.

Hoping that clears it up,
Ted

P.S.  Of course the person who runs this UDC would be the "everlasting
jobstopper" :-).
--
Ted Ashton ([log in to unmask]), Info Sys, Southern Adventist University
          ==========================================================
How can it be that mathematics, being after all a product of human thought
independent of experience, is so admirably adapted to the objects of
reality?
                                        -- Einstein, Albert (1879-1955)
          ==========================================================
         Deep thoughts to be found at http://www.southern.edu/~ashted

ATOM RSS1 RSS2

RAVEN.UTC.EDU