From owner-freebsd-hackers Sun May 31 17:19:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA21993 for freebsd-hackers-outgoing; Sun, 31 May 1998 17:19:33 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA21857 for ; Sun, 31 May 1998 17:18:58 -0700 (PDT) (envelope-from root@implode.root.com) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with ESMTP id RAA09016; Sun, 31 May 1998 17:18:21 -0700 (PDT) Message-Id: <199806010018.RAA09016@implode.root.com> To: Terry Lambert cc: abial@nask.pl, freebsd-hackers@FreeBSD.ORG Subject: Re: Signed executables, safe delete etc. In-reply-to: Your message of "Sun, 31 May 1998 21:02:09 -0000." <199805312102.OAA13496@usr06.primenet.com> From: David Greenman Reply-To: dg@root.com Date: Sun, 31 May 1998 17:18:21 -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >> Terry, sometimes I think we exist in different realities. First of all, >> any user can set a file as executable in VMS. It does not require any special >> privileges. > >This has not been my experience, working on compilers on VMS. > >> Second, there is no "SYSPRIV" privilege. There is a "SYSPRV" >> privilege, however, that allows the holder access system resources as if >> he had a system UIC. One does not have to have a system UIC to change >> file permissions (including the executable flag); all one needs is to be >> the owner of the file - just like it is in Unix. > >Thank you for the spelling correction. > >I don't know, off the top of my head, the exact priviledge. I do know >that when I wrote my own linker, it was required that I install it as >an install image in order to be able to set the executable bit, > >At one time, I wrote a bacterium for UNIX and tried to port it to >VMS, but was unsuccessful because of the inability to set the program >as executable (which is distinct from setting the execution bit >which is manipulable by the user, at least prior to VMS 5.3; I can't >speak for later versions, since I didn't have access to VMS source code >after that). As I was a VMS user and kernel software developer for 10 years prior to hacking on Unix source, I'm quite familiar with how VMS works both internally and externally. The linker in VMS is not installed with any special privilege and any user can make a binary executable. A user, for example, can use kermit or other file transfer utility to copy over a VMS executable and as long as the file record type is correct (fixed, 512 byte records) and he sets the execute permission (set file/prot=exec...I'd mention the system call to do this if I could remember it), he can execute it. As I mentioned above, the SYSPRIV privilege allows the process to access resources as if he had a system UIC. There are 4 sets of permissions bits in VMS: user, system, group, and world. A system UIC is (usually) a UIC that has a group number that is less than 9. If you have a system UIC or you have SYSPRIV, then you can access files and directories using the "system" permissions bits, which usually default to RWED (all access). If your program required SYSPRIV, then you apparantly had some sort of permissions problem - perhaps you created the file with the wrong permissions to start with (no user/group/world access) and this caused the subsequant syscall to set the file exectuable to fail. One Can Only Imagine. In any case, your statements regarding the linker and file executablity are simply wrong. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message