× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 1999

RE:Adopted Authority (was: Starting FTP)

  • Subject: RE:Adopted Authority (was: Starting FTP)
  • From: Chris Bipes <rpg@xxxxxxxxxxxxxxx>
  • Date: Tue, 30 Nov 1999 09:44:47 -0800
 
If the CL program issues the command to start the FTP server and then ends,
the user is not running under the adopted authority.  Perhaps the CL submits
itself to batch.  Either way, the program is ends for the interactive user
and adopted authority is ended.  Since this is a submit remote command from
a pc batch file as stated in the original post, the user can never get to a
command line to take advantage of the adopted authority.  I agree that an
interactive job should NEVER be allowed to call a program that adopts
authority and allows the user to get to a command line.

Christopher K. Bipes     mailto:ChrisB@Cross-Check.com
Sr. Programmer/Analyst   mailto:Chris_Bipes@Yahoo.com
CrossCheck, Inc.         http://www.cross-check.com
6119 State Farm Drive    Phone: 707 586-0551 x 1102
Rohnert Park CA  94928 Fax: 707 586-1884

*Note to Recruiters
Neither I, nor anyone that I know of, is interested in any new and/or
exciting positions. Please do not contact me.


-----Original Message-----
From: Jim Langston [mailto:jlangston@conexfreight.com]
Sent: Tuesday, November 30, 1999 8:58 AM
To: MIDRANGE-L@midrange.com
Subject: Re: Starting FTP


Just be sure if you use adopted authority (owner authority) that the
user can not get to a command line.  Very big security hole.  Set
up a CL with adopted authority that you compile, the user runs it
and gets to a command line somewhere and all of a sudden this
user has your authority.

Just because of this security possibility we never use adopted
authority on our system.

Another possibility you might think about: have a program running
all the time that checks for some message and all it would do would
start the FTP server.  You could submit this yourself, and since it
was running in the batch subsystem people wouldn't have access to
it.  Perhaps have it look at message queue QTCP for a certain message.
Or have it examine a data queue periodically.  Or any other of a
few ways to trigger an active program to do something.

Just some thoughts.

Regards,

Jim Langston
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.