Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!psivax!nrcvax!kvc
From: kvc@nrcvax.UUCP (Kevin Carosso)
Newsgroups: comp.os.vms
Subject: Re: Using callable EDT (caveat for installed prog. w/ privs)
Message-ID: <1310@nrcvax.UUCP>
Date: Fri, 4-Dec-87 13:11:15 EST
Article-I.D.: nrcvax.1310
Posted: Fri Dec  4 13:11:15 1987
Date-Received: Fri, 11-Dec-87 05:17:46 EST
References: <8712020650.AA10361@ucbvax.Berkeley.EDU>
Reply-To: kvc@minnie.UUCP (Kevin Carosso)
Organization: Network Research Corp.  Oxnard, CA
Lines: 28

In article <8712020650.AA10361@ucbvax.Berkeley.EDU> PHULVER%OCVAXA@VB.CC.CMU.EDU (Barron Hulver x8290) writes:
>Just a tidbit of information for anyone using the callable
>EDT interface.  If the program will ever be an installed image
>with privileges (SYSPRV, BYPASS), this is not the way to go.
>
>A user will be able to drop into the editor, then INCLUDE
>any text file on the system.
>
>In this case you do want to use the LIB$SPAWN feature.

I think the proper way to go is that any program which is going to
be installed with amplified privileges must use those privileges wisely.
You should disable your amplified privileges except for those
sections of code which require them.  Alternately, if you think you
need the privs enabled nearly all the time (dubious) then you should
disable them before your EDT call and reenable after.

MAIL is an example of a utility which is installed with amplified
privileges but which enables them only when necessary.  MAIL uses
the callable editor interface but privs are never enabled at that
time.

For example, if you need SYSPRV to access a file then you should disable
SYSPRV at the outset, then enable SYSPRV just before your file open and
disable it just after.

Note that if you have amplified image privileges, those privileges
are inherited by the process created with LIB$SPAWN.