Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!pasteur!ucbvax!STAR.STANFORD.EDU!XRJJM%CSDR.SPAN
From: XRJJM%CSDR.SPAN@STAR.STANFORD.EDU (John McMahon,
      STX/COBE (x4333))
Newsgroups: comp.os.vms
Subject: Undocumented priv bits...
Message-ID: <8807160428.AA21677@ucbvax.Berkeley.EDU>
Date: 12 Jul 88 12:33:18 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 29

***> From: "IVAX::IJAH400" 
***> 
***> UPGRADE and DOWNGRADE are both listed in STARLET.REQ, they are bits 0 and
***> 1 in the second privilege longword.  These are described as "may
***> up(down)grade classification".  AUTHORIZE seems to know about these too;
***> at least it will let you give them to a user, but it won't list them out
***> with SHOW.
***> 
***> James A. Harvey
***> ijah400@indyvax (bitnet) or ijah400%ivax.decnet@gold.bacs.indiana.edu
***> 

The DCL command SHOW PROC/PRIV won't let you see them (Although I think
it used to) but the DCL Lexical F$GETJPI() will.  

$ SET PROC/PRIV=ALL

Issuing a Write Sys$Output F$GETJPI(0,"CURPRIV") results in a %DCL-W-TKNOVF
(Command Element Too Long) error.  So we remove some of the privs we do
know.

$ SET PROC/PRIV=(NOCMKRNL,NOCMEXEC,nosysnam,nogrpnam,noallspool)

Now issuing the Write Sys$Output F$GETJPI(0,"CURPRIV") results in all the
rest of the known privs, plus UPGRADE and DOWNGRADE being listed.  But what
are they used for ?  Perhaps the VMS "Secure System" package, or whatever
it's called ?

John McMahon
xrjjm%scint.span@star.stanford.edu