HP3000-L Archives

April 1997, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: POSIX/MPE security inconsistencies
From:
Alan AMBERS <[log in to unmask]>
Reply To:
Alan AMBERS <[log in to unmask]>
Date:
Sun, 6 Apr 1997 10:40:00 -0400
Content-Type:
text/plain
Parts/Attachments:
C9638444.txt (93 lines) 
Mike said...

As far as I'm aware [and we designed it this way], there are no POSIX functions
that violate MPE security rules ... and I include unlink() in this category.
You can't unlink() a file that you couldn't remove via an FOPEN/FCLOSE(delete)
sequence.  The same security check is done in both cases.  unlink() provides
an immediate result that FOPEN/FCLOSE doesn't.  So, yes, POSIX is different
in some of its behaviors, but it doesn't provide backdoors to MPE security.
[Perhaps this is a semantic argument rather than one of substance; I'm not
sure.]

Mike P.
----------------------------------------------

Well I came up with another problem now I am just starting to
play with posix.

Log on in mpe
chgroup CMD
get into shell
everything works fine......  (actual session below failure session)

Here's the problem.
Log on in mpe
Here's the session

sh.hpbin.sys
$ pwd
/IC/HARDPUB
$ cd ..
$ cd CMD
$ ls -l
total 501
-rwx------   1 HARDWARE.IC       IC        117760 Apr  2 14:45 ALAN
-rwx------   1 MGR.IC            IC          5120 Apr  2 11:47 PRINTO
-rwx------   1 MGR.IC            IC          5120 Apr  2 11:50 STRING
-rwx------   1 MGR.IC            IC          1760 Apr  2 19:58 TRY
-rwx------   1 MGR.IC            IC        117760 Apr  2 19:59 alan
-rw-rw-rw-   1 HARDWARE.IC       IC            41 Apr  4 14:49 temp
-rw-rw-rw-   1 HARDWARE.IC       IC          2289 Apr  4 14:49 temp2
-rwx------   1 MGR.IC            IC          2560 Apr  4 14:48 try
-rwx------   1 HARDWARE.IC       IC          3040 Apr  4 12:20 try2
-rw-rw-rw-   1 HARDWARE.IC       IC             0 Apr  4 14:49 x1
$ try
try: cannot open script "try": Permission denied
$
Now, I know it is something with the fact that I must not be considered
the owner of the file.  I don't remember, but I must have created
the file "try" under MGR.IC.  I have continued to make all the
changes under HARDWARE.IC.


here's the other case when all works:
:showme
USER: #S2191,HARDWARE.IC,HARDPUB      (NOT IN BREAK) <XL3>
RELEASE: C.50.00   MPE/iX HP31900 B.79.06   USER VERSION: C.50.00
CURRENT: SUN, APR  6, 1997, 10:29 AM
LOGON:   SUN, APR  6, 1997, 10:26 AM
CPU SECONDS: 3         CONNECT MINUTES: 3
$STDIN LDEV: 26         $STDLIST LDEV: 26
:chgroup cmd
:sh.hpbin.sys
$ ls -l
total 501
-rwx------   1 HARDWARE.IC       IC        117760 Apr  2 14:45 ALAN
-rwx------   1 MGR.IC            IC          5120 Apr  2 11:47 PRINTO
-rwx------   1 MGR.IC            IC          5120 Apr  2 11:50 STRING
-rwx------   1 MGR.IC            IC          1760 Apr  2 19:58 TRY
-rwx------   1 MGR.IC            IC        117760 Apr  2 19:59 alan
-rw-rw-rw-   1 HARDWARE.IC       IC            41 Apr  4 14:49 temp
-rw-rw-rw-   1 HARDWARE.IC       IC          2289 Apr  4 14:49 temp2
-rwx------   1 MGR.IC            IC          2560 Apr  4 14:48 try
-rwx------   1 HARDWARE.IC       IC          3040 Apr  4 12:20 try2
-rw-rw-rw-   1 HARDWARE.IC       IC             0 Apr  4 14:49 x1
$ try
enter ldev to be found >
[snip rest of script]


So why am I condsidered the "owner" in one case and not the other?

Also, this is a 937 running under 5.0 and posix seems SO SLOW....

This file "try" is a script that does greps and seds against the
file alan.

When I run the same script on a UX (G-70) box, it seems much faster.

Is 5.5 any better?

/alan
[log in to unmask]

ATOM RSS1 RSS2