Subject: | |
From: | |
Reply To: | |
Date: | Fri, 24 Sep 1999 07:28:45 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Not pick nits, but I'm going to pick nits (with no offense intended) :-)
Tom writes:
>XL's don't have privileges, programs have them.
Partially correct. Programs have capabilities and privileges, and XLs
do have privileges.
>To determine what privileges a program has, run LINKEDIT and do a LISTPROG
>on the program file.
LinkEd> listprog backuppl.pub.orbitusa
PROGRAM : BACKUPPL.PUB.ORBITUSA
XL LIST :
CAPABILITIES : BA, IA, PM, PH
NMHEAP SIZE : 4000000
[snip]
PM in CAPABILITIES indicates the program has priv mode.
LinkEd> listxl bogusxl.pub.orbitusa
LIBRARY NAME : BOGUSXL.PUB.ORBITUSA
XL LIST :
VERSION : 85082112
MODULE COUNT : 4
MODULE LIMIT : 10
..
Sym C H X P Sym Sym Sym Lset
Name Type Scope Value Name
---- - - - - ---- ----- ----- ----
PROGRAM 3 3 3 pri_p univ 00022130
_start 0 3 3 sec_p univ 0002214C
alloc_code_space 3 3 2 entry univ 00022000
create_object 3 stub ext lp+00000020
[snip]
In the above listing, note the X and P columns. That indicates the
execution privilege level and the call privilege level of the routines.
(Execution privilege level is what ring it will run at, call level is what
ring the calling routine must run in order to call this routine). So, in
the above example, alloc_code_space is callable by user mode (ring 3), but
runs at privileged ring 2.
You need to scan each of your XLs (and the program) to see what is running
at ring 2 or higher. Also note that XLs containing privileged routines need
to be in a privileged group.
There are other tools to extract this information from your programs and
XLs, too.
|
|
|