I think I see the logic behind this restriction.
As I understand it, HFS subdirectories don't
have MPE Group attributes, (PH,DS,MR,PM,IA,BA).
IA is assumed in an HFS subdirectory otherwise how could you
use the shell in a session?
BA is assumed in an HFS subdirectory otherwise how could you
use the shell in a batch job (or use "cron" or "at")?
PH is assumed in an HFS subdirectory otherwise how could an
HFS program run another program in the shell or how could
an HFS program fork?
I never did fully understand what DS and MR did for me, not
being a 3GL programmer, but if I had programs that needed it,
I darn sure gave the groups they reside in, that ability.
Don't know if it even applies to HFS subdirectories.
That leaves PM, I presume that by preventing HFS use of PM that
is a big security FEATURE, otherwise POSIX code in HFS
subdirectories could run GOD or GOD-like (I presume some
can already but that's beside the point) programs.
Allowing it seems to me like a big security HOLE. HFS
subdirectories don't have the same ACCESS= matrix that MPE groups
do. I.e., R,W,A,L,X,S + ANY, AC, GU, AL, GL. The HFS
subdirectory security matrix is only thus: drwxrwxrwx [with
each rwx trigraph similar to (I think) SM, AM, and GU in descending
order.] There is no Lock, nor difference between Write, Append,
and Save. Allowing PM in an HFS subdirectory appears (on the
surface) to allow no end of mischief, especially should one
find itself in a web enabled HPe3000 (like my Empire machine),
and run PM code residing in a simple HFS subdirectory from a
browser or CGI script?
The other oddity is that (it appears to me) files in HFS
subdirectories can't use lockwords. If you're going to allow
PM in HFS, you'll need some mechanism to prevent non-creator,
non-AM, non-SM users to lock their PM files.
Perhaps all the above is one of the main reasons one never
sees MPE/V and MPE/iX in CERT advisories or CIAC bulletins.
Tracy Johnson
MSI Schaevitz Sensors
-----Original Message-----
From: Stan Sieler
Hi,
The current wording on SIGMPE item #24 needs clarification.
It's now:
24. Currently, programs that require PM must reside in an MPE group.
The proposal is to remove this restriction.
It should be:
24. Currently, programs that require PM must reside in an MPE group.
This can be a problem for some programs that want to reside
outside a group (i.e., with an HFS name).
The proposal is to provide a secure method of removing or reducing
this restriction. One possibility would be to have a system manager
created list of HFS program files that are allowed to get PM
capability.
Remember, vote at:
http://oblina.csillc.com/sigs or
http://207.103.9.100/sigs
--
Stan Sieler
www.allegro.com/sieler/wanted/index.html www.sieler.com