LISTSERV - HP3000-L Archives

HP3000-L Archives

April 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L April 1998, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: rexec daemon
From:	Dirickson Steve <[log in to unmask]>
Reply To:	Dirickson Steve <[log in to unmask]>
Date:	Wed, 1 Apr 1998 15:49:20 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

        <<we've been down this path...but i thought i'd ask again :-)
        we don't have a native rexec daemon for mpe, right?

        assuming the answer is 'yes', i'll say i've already installed
        jim wowchuk's mpe daemon software.  it works wonderfully!
        (thanks, jim) but it also opens pandora's box.  if i've got a
        clever unix-type, that person can enter any command
        and mped will execute it -- not a good thing.

        i'm trying to write a 'command wrapper' (to invent
        a phrase :-) that will intercept *every* command
        issued to mped to decide if the command is allowable.
        obviously, saying what is allowed is a much shorter
        list than the not-allowed one.  udc's won't work
        because a udc has to have a name.  that is, if i
        write udc's to look for say...listf, showjob and
        showtime...they work but as soon as mped gets
        a command for say purge - i'm not trapping for
        it and something just got purged -- again not good.

        a logon udc doesn't work because mped runs
        in a job.  so once the job logs on - the udc's
        been excuted and you're done.

        i need 'something' that sits on top of the ci
        for the mped user.  or a really rexecd :-)         - d>>


Speaking from a position of profound ignorance, I'm guessing from the
items mentioned that
1)      "MPED" provides remote execution of MPE commands
2)      "MPED" logs on as MANAGER.SYS or some similar high-privilege
level user
3)      "MPED" does not interact with the remote user to identify &
authenticate that user
4)      Possibly as a result of #3, "MPED" does not use AIFCHANGELOGON
to "become" some less-privileged user

AIFCHANGELOGON is not perfect, but most of its "warts" are in the
direction of reducing the capabilities of the user compared to the
pre-change setup.

If any of the above is valid, then one option might be to run "MPED" as
some less-privileged user; another would be to ask Jim to implement an
optional AIFCHANGELOGON capability to change to some other logon and
environment, possibly based on input from the remote user and validated
using info from AIFACCTGET.

Steve


Steve Dirickson         WestWin Consulting
(360) 598-6111  [log in to unmask]

ATOM RSS1 RSS2

RAVEN.UTC.EDU