home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!sun-barr!cs.utexas.edu!rutgers!cmcl2!rlgsc.com!gezelter
- From: gezelter@rlgsc.com
- Newsgroups: comp.os.vms
- Subject: Re: Am I in SYLOGIN?
- Message-ID: <1992Jul23.115213.181@rlgsc.com>
- Date: 23 Jul 92 16:52:12 GMT
- References: <1992Jul22.113259.1@utxvms.cc.utexas.edu>
- Organization: Robert Gezelter Software Consultant, Flushing, NY
- Lines: 59
-
- In article <1992Jul22.113259.1@utxvms.cc.utexas.edu>, ccdk001@utxvms.cc.utexas.edu writes:
- > Anyone know of a simple, fairly fullproof way to determine if an image
- > is being run from SYLOGIN.COM or some other known place (step) during
- > process creation?
- >
- > I have an installed privileged application that I want executed during the
- > login process, but I don't want users to be able to execute it directly.
- > It does "things" based on an assumed state of that process/environment at
- > that time particular time. Allowing users to change their environment
- > (logical names, devices, etc.) and then rerunning this image could be
- > a problem in some instances.
- >
- > Grabing the procedure depth/name from the clidata doesn't seem fullproof
- > enough. Checking the imagecount in the process header could work, but
- > I dunno.. Patching loginout (again!) is also too messy. I'd appreciate
- > any ideas/strategies.
- >
- > Thanks,
- >
- > ++ Dave
- > -----------------------------------------------------------------------
- > David Barkelew Internet: barkelew@utxvms.cc.utexas.edu
- > Unix/VMS Services, UUCP: ...!ut-emx!utxvms!barkelew
- > Computation Center THEnet: UTXVMS::BARKELEW
- > University of Texas BITNET: BARKELEW@UTXVMS
- > Voice: (512)471-3241 FAX: (512)471-1582
- > -----------------------------------------------------------------------
- --
- Dave,
-
- This is not quite the answer to the question you asked, but it
- may represent a better solution.
-
- Instead of relying on the fact that the process environment is
- unchanged, there is another alternative. An example of a similar
- application is conventional VMS MAIL (Mail has to reliably find
- your mail file, regardless of your logical name configuration).
-
- In the context of device (logical name) configuration, a good
- solution is to FORCE Logical Name Translation to only use
- logical names which are defined in elevated access modes (EXEC)
- or in the System Logical Name Table. Since these names are
- unmodifiable by non-privileged users, you should eliminate the
- potential for problems.
-
- Other checks can easily guard against duplicate executions of
- your special program.
-
- I hope that the above is useful, if my explanation is unclear,
- please drop me a note.
-
- - Bob
- +--------------------------------------------------------------------------+
- | Robert "Bob" Gezelter E-Mail: gezelter@rlgsc.com |
- | Robert Gezelter Software Consultant Voice: +1 718 463 1079 |
- | 35-20 167th Street, Suite 215 Fax: (on Request) |
- | Flushing, New York 11358-1731 |
- | United States of America |
- +--------------------------------------------------------------------------+
-