<<if i understand what happens in the unix world with remsh and
rexec is they can create 'yes & no' lists.  ie, yes 'this' command is
allowed but no 'that' command is not.  incorporating this would be a 'jim'
thing since it's
        his software.  aif:pe would also be a jim thing.  but lets just
suppose jim doesn't want to change his code...i'm left with trying to trap
the command *after* it leaves the mped program but *before* it actually hits
the ci -- a udc that (i don't think) can be written short of the brute force
method (ugh)           - d>>


That also might or might not be a "jim thing", depending on how MPED
arranges to have the command executed. If it uses HPCICOMMAND
(or-ugh-COMMAND), you could  write an intercept intrinsic that validated the
requested command line against the yes/no list, and only allowed legitimate
commands to be passed on. If he spawns the CI in some interceptible manner,
you could write a replacement CI that does the validation, then passes the
command to the real CI (or SH, I guess) if it's OK. If MPED does something
that can't readily be intercepted, then it would need to be changed.

Steve