LISTSERV - HP3000-L Archives

HP3000-L Archives

April 1997, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L April 1997, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: POSIX/MPE security inconsistencies
From:	Michael Anderson <[log in to unmask]>
Reply To:	Michael Anderson <[log in to unmask]>
Date:	Thu, 3 Apr 1997 09:42:45 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (40 lines)

Mark Bixby wrote:
>
> MPE requires AM or SM capability to view file creators, but POSIX will let
> anybody view this information.  I.e. a vanilla non-prived user can do this:

[snip]

>
> POSIX is supposed to work this way with respect to file creators.  Can anybody
> else think of cases where POSIX policies contradict long-held MPE policies?

I have found that using the POSIX shell I can install a new version of an
application while it is being used/loaded by one or more users. MPE would
never allow this!

For example, my Sales Branch application.
------------
:RENAME SBR0000,SBR0000O
EXCLUSIVE VIOLATION: FILE BEING ACCESSED  (FSERR 90)
Open failed on file "SBR0000.BRANCH.TIW".  Not renamed. (CIERR 372)
------------

However in POSIX I can:

---------------------
> mv SBR0000 SBR0000O
> mv SBR0000N SBR0000
>---------------------

I kinda like the idea of bypassing the need to log users off the system to do
this, but then I make some people around here (TIW) nervous.

Cheers,
Michael Anderson,

System Programmer
TIW Corporation

ATOM RSS1 RSS2

RAVEN.UTC.EDU