From owner-freebsd-hackers  Mon Jun  1 02:06:37 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA28668
          for freebsd-hackers-outgoing; Mon, 1 Jun 1998 02:06:37 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from implode.root.com (implode.root.com [198.145.90.17])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA28659
          for <freebsd-hackers@FreeBSD.ORG>; Mon, 1 Jun 1998 02:06:26 -0700 (PDT)
          (envelope-from root@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1])
	by implode.root.com (8.8.5/8.8.5) with ESMTP id CAA09890;
	Mon, 1 Jun 1998 02:05:31 -0700 (PDT)
Message-Id: <199806010905.CAA09890@implode.root.com>
To: Nadav Eiron <nadav@cs.technion.ac.il>
cc: Terry Lambert <tlambert@primenet.com>, abial@nask.pl,
        freebsd-hackers@FreeBSD.ORG
Subject: Re: Signed executables, safe delete etc. 
In-reply-to: Your message of "Mon, 01 Jun 1998 10:41:45 +0300."
             <Pine.GSO.3.95-heb-2.07.980601103415.4910C-100000@csd> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Mon, 01 Jun 1998 02:05:31 -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

(this is getting WAY off the subject of FreeBSD, but since we're discussing
architecture...)

>>  As I was a VMS user and kernel software developer for 10 years prior to
>> hacking on Unix source, I'm quite familiar with how VMS works both internally
>> and externally. The linker in VMS is not installed with any special privilege
>> and any user can make a binary executable. A user, for example, can use kermit
>> or other file transfer utility to copy over a VMS executable and as long as
>> the file record type is correct (fixed, 512 byte records) and he sets the
>> execute permission (set file/prot=exec...I'd mention the system call to do
>> this if I could remember it), he can execute it.
>
>If you have BYPASS priv, then even this is not necessary. You simply run
>it.

   Normal users usually don't have BYPASS privilege, else you have a serious
security hole. :-)

>>  As I mentioned above, the SYSPRIV privilege allows the process to access
>> resources as if he had a system UIC. There are 4 sets of permissions bits
>> in VMS: user, system, group, and world. A system UIC is (usually) a UIC that
>> has a group number that is less than 9. If you have a system UIC or you
>                             ^^^^^^^^^^^
>VMS UICs are in octal (usually). A system UIC is one that has group < 10
>(octal), or less than 8 if you happen to favor decimal notation...

   You're right that in VMS one usually specifies UICs in octal. However,
according to the online documentation:

SYSGEN>  HELP PARAM MAXSYSGROUP

Parameters

  MAXSYSGROUP


     Highest system UIC - The highest value that a group number can have
     and still be classified as a a system UIC group member.  In decimal.

Topic? 
SYSGEN>  SHOW MAXSYSGROUP
Parameter Name            Current    Default     Min.     Max.     Unit  Dynamic
--------------            -------    -------    -------  -------   ----  -------
MAXSYSGROUP                     8          8         1     32768 UIC Group  D

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message