- Path: sparky!uunet!charon.amdahl.com!pacbell.com!ames!saimiri.primate.wisc.edu!zaphod.mps.ohio-state.edu!usc!rutgers!cmcl2!rlgsc.com!gezelter
- From: gezelter@rlgsc.com
- Newsgroups: comp.os.vms
- Subject: Re: Q: Homegrown COPY? FAQ?
- Message-ID: <1992Nov6.094353.239@rlgsc.com>
- Date: 6 Nov 92 14:43:53 GMT
- References: <1992Nov2.043637.29321@netcom.com> <bjVRf?se@twinsun.com> <68931@cup.portal.com>
- Organization: Robert Gezelter Software Consultant, Flushing, NY
- Lines: 65
-
- In article <68931@cup.portal.com>, Chris_F_Chiesa@cup.portal.com writes:
- Chris,
-
- An interesting problem! I have a couple of suggestions and observations
- on some of your questions.
- > ...
- >
- > Basically, I want to allow non-privileged users to copy files to which the
- > existing baseline VMS protections/ACLs don't allow them access, subject to
- > "permissions" "granted" by the owners of the files. VMS protections/ACLs could
- > probably do the job IF they could be made to take effect, and expire (and the
- > corresponding ACL disappear from the file), at predetermined dates-and-times.)
- >
- Instead of re-writing COPY, how about using a daemon process
- (there is at least one in the DECUS library) to grant/revoke
- identifiers at the requested 'dates-and-times'. The daemon
- process need have no communications with the actual user
- processes. User processes will be able to use COPY, or any other
- program that they wish, to access the file. All of the sensitive
- security-related code can be isolated to the daemon, which, in
- any event, will only be granting/revoking identifiers.
-
- While it would be rather CPU inefficient, you could even write
- the daemon in DCL and use AUTHORIZE to manage the grant/revoke
- operations. No privileged images need be written/installed.
- Additionally, the daemon will run from protected files in a
- protected account, so it will not be a hazard.
- >
- > * Implementing my project as a client which communicates with a detached
- > server process running a DCL command procedure which verifies the client
- > commands and then issues actual VMS COPY commands. Has the advantage
- > that it uses "real VMS COPY," and can therefore support the full normal
- > behavior of same. Has the disadvantage that now I have to deal with
- > security-of-interprocess-communication issues. What's the most secure
- > way to have these things talk to each other? Mailboxes? Shared global
- > sections? Lock manager?
- >
- All of the mechanisms for implementing interprocess
- communications are, for most intents and purposes, at the same
- security level. If you have sufficient privileges to snoop on a
- global section, you can probably snoop (or at least disrupt) a
- mailbox. My personal preference for interprocess communications
- is through DECnet, which makes the case of LAVc and other
- clustered systems easier.
-
- > ... deleted ...
- >
- > Thanks in advance,
- >
- > Chris Chiesa
- > Chris_F_Chiesa@cup.portal.com
- --
-
- I hope that the above is of assistance. If you have any
- questions, or if I can be of assistance, please feel free to
- contact me via Email or phone.
-
- - Bob
- +--------------------------------------------------------------------------+
- | Robert "Bob" Gezelter E-Mail: gezelter@rlgsc.com |
- | Robert Gezelter Software Consultant Voice: +1 718 463 1079 |
- | 35-20 167th Street, Suite 215 Fax: (on Request) |
- | Flushing, New York 11358-1731 |
- | United States of America |
- +--------------------------------------------------------------------------+
-
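The daemon approach suggested in the reply above (a DCL procedure that uses AUTHORIZE to grant and revoke identifiers at set times), sketched as an added example; it is not part of the original post and not Bob Gezelter's code. Assumed and hypothetical: the DAEMON_DIR logical name, the SCHEDULE.DAT queue file and its record layout, the PROJ_READ identifier and SMITH username, and that only the daemon's protected account can write the queue file.

```dcl
$! TIMED_GRANT.COM: added illustration, not code from the original post.
$! Hypothetical names: DAEMON_DIR logical, SCHEDULE.DAT queue file.
$! Constructed sample records, ACTION|IDENTIFIER|USER|TIME:
$!     GRANT|PROJ_READ|SMITH|9-NOV-1992:09:00
$!     REVOKE|PROJ_READ|SMITH|13-NOV-1992:17:00
$! The file owner separately places an ACE such as
$!     (IDENTIFIER=PROJ_READ,ACCESS=READ) on the file to be shared.
$ SET NOON                         ! a failed command must not stop the daemon
$ SET DEFAULT SYS$SYSTEM           ! AUTHORIZE looks for SYSUAF.DAT in the default directory
$ uaf := $SYS$SYSTEM:AUTHORIZE     ! run AUTHORIZE as a foreign command
$ legal = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$"
$POLL:
$ now = F$CVTIME("","COMPARISON")
$ OPEN/READ/ERROR=SLEEP old DAEMON_DIR:SCHEDULE.DAT
$ OPEN/WRITE new DAEMON_DIR:SCHEDULE.NEW
$NEXT:
$ READ/END_OF_FILE=SWAP old rec
$ action = F$EDIT(F$ELEMENT(0,"|",rec),"TRIM,UPCASE")
$ ident  = F$EDIT(F$ELEMENT(1,"|",rec),"TRIM,UPCASE")
$ user   = F$EDIT(F$ELEMENT(2,"|",rec),"TRIM,UPCASE")
$ when   = F$EDIT(F$ELEMENT(3,"|",rec),"TRIM")
$ due = ""                         ! stays empty if the time field is invalid
$ due = F$CVTIME(when,"COMPARISON")
$ name = ident + user              ! both fields must pass the whitelist
$ GOSUB CHECK
$ IF action .NES. "GRANT" .AND. action .NES. "REVOKE" THEN ok = 0
$ IF ident .EQS. "" .OR. user .EQS. "" .OR. when .EQS. "" THEN ok = 0
$ IF due .EQS. "" .OR. ok .EQ. 0 THEN GOTO REJECT
$ IF due .GTS. now THEN WRITE new rec     ! not yet due: carry over to next poll
$ IF due .LES. now THEN uaf 'action'/IDENTIFIER 'ident' 'user'
$ GOTO NEXT
$REJECT:
$ WRITE SYS$OUTPUT "Rejected record: ", rec   ! dropped, never executed
$ GOTO NEXT
$SWAP:
$ CLOSE old
$ CLOSE new
$ RENAME DAEMON_DIR:SCHEDULE.NEW DAEMON_DIR:SCHEDULE.DAT
$ PURGE DAEMON_DIR:SCHEDULE.DAT
$SLEEP:
$ WAIT 00:05:00
$ GOTO POLL
$CHECK:                            ! ok = 1 only if every character is in legal
$ i = 0
$ ok = 1
$CHK1:
$ IF i .GE. F$LENGTH(name) THEN RETURN
$ IF F$LOCATE(F$EXTRACT(i,1,name),legal) .EQ. F$LENGTH(legal) THEN ok = 0
$ i = i + 1
$ GOTO CHK1
```

The whitelist check matters because the record fields are substituted into a command line run from a privileged account; anything outside the allowed characters is rejected before AUTHORIZE is invoked.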