Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!rutgers!rochester!bbn!uwmcsd1!marque!gryphon!crash!jeh From: jeh@crash.UUCP Newsgroups: comp.os.vms Subject: Re: Using callable EDT (caveat for installed prog. w/ privs) Message-ID: <2078@crash.cts.com> Date: Thu, 3-Dec-87 19:29:50 EST Article-I.D.: crash.2078 Posted: Thu Dec 3 19:29:50 1987 Date-Received: Sun, 6-Dec-87 21:19:46 EST References: <8712020650.AA10361@ucbvax.Berkeley.EDU> Reply-To: jeh@crash.CTS.COM (Jamie Hanrahan) Organization: CMKRNL Press, San Diego, CA Lines: 21 Summary: Turn privs off and on as needed In article <8712020650.AA10361@ucbvax.Berkeley.EDU> PHULVER%OCVAXA@VB.CC.CMU.EDU (Barron Hulver x8290) writes: >Just a tidbit of information for anyone using the callable >EDT interface. If the program will ever be an installed image >with privileges (SYSPRV, BYPASS), this is not the way to go. >A user will be able to drop into the editor, then INCLUDE >any text file on the system. >In this case you do want to use the LIB$SPAWN feature. This point is well taken, but the moral is to code programs that will be installed with privs correctly rather than to avoid use of callable EDT. Any program to be installed with privs should begin by turning the enhanced privs OFF, then turn them on just before they're needed, and turn them off again immediately afterwards. For instance, if you're writing a mailer that needs to access files via BYPASS privilege, you turn on BYPASS only when accessing those files (SYSUAF, users' mail files, etc.), and turn it off again as soon as the file is open. You don't leave it on, for instance, during the `prepared file to include?' sequence... Also, be careful about logical name translations -- a program accessing files via enhanced privs should only use `trusted' logical names (system name table, exec mode, etc.). With these caveats, one can write enhanced-priv programs and still safely use things like callable EDT.