HP3000-L Archives

February 2001, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Johnson, Tracy" <[log in to unmask]>
Reply To: Johnson, Tracy
Date: Wed, 28 Feb 2001 09:48:29 -0500
Content-Type: text/plain

I think I see the logic behind this restriction.
As I understand it, HFS subdirectories don't
have MPE Group attributes, (PH,DS,MR,PM,IA,BA).

IA is assumed in an HFS subdirectory otherwise how could you
use the shell in a session?

BA is assumed in an HFS subdirectory otherwise how could you
use the shell in a batch job (or use "cron" or "at")?

PH is assumed in an HFS subdirectory otherwise how could an
HFS program run another program in the shell or how could an
HFS program fork?

I never did fully understand what DS and MR did for me, not
being a 3GL programmer, but if I had programs that needed it,
I darn sure gave the groups they reside in, that ability.
Don't know if it even applies to HFS subdirectories.

That leaves PM, I presume that by preventing HFS use of PM that
is a big security FEATURE, otherwise POSIX code in HFS
subdirectories could run GOD or GOD-like (I presume some
can already but that's beside the point) programs.

Allowing it seems to me like a big security HOLE.  HFS
subdirectories don't have the same ACCESS= matrix that MPE groups
do.  I.e., R,W,A,L,X,S + ANY, AC, GU, AL, GL.  The HFS
subdirectory security matrix is only thus:  drwxrwxrwx [with
each rwx trigraph similar to (I think) SM AM, and GU in descending
order.]  There is no Lock, nor difference between Write, Append,
and Save.  Allowing PM in an HFS subdirectory appears (on the
surface) to allow no end of mischief, especially should one
find itself in a web enabled HPe3000 (like my Empire machine),
and run PM code residing in a simple HFS subdirectory from a
browser or CGI script?

The other oddity is that (it appears to me) files in HFS
subdirectories can't use lockwords.  If you're going to allow
PM in HFS, you'll need some mechanism to prevent non-creator,
non-AM, non-SM users to lock their PM files.

Perhaps all the above is one of the main reasons one never
sees MPE/V and MPE/iX in CERT advisories or CIAC bulletins.

Tracy Johnson
MSI Schaevitz Sensors

-----Original Message-----
From: Stan Sieler [mailto:[log in to unmask]]

Hi,

The current wording on SIGMPE item #24 needs clarification.

It's now:

   24. Currently, programs that require PM must reside in an MPE group.
       The proposal is to remove this restriction.

It should be:

   24. Currently, programs that require PM must reside in an MPE group.
       This can be a problem for some programs that want to reside
       outside a group (i.e., with an HFS name).

       The proposal is to provide a secure method of removing or reducing
       this restriction.  One possibility would be to have a system manager
       created list of HFS program files that are allowed to get PM
       capability.

Remember, vote at:

 http://oblina.csillc.com/sigs      or
 http://207.103.9.100/sigs

--
Stan Sieler                                           [log in to unmask]
www.allegro.com/sieler/wanted/index.html                  www.sieler.com
