[Info-vax] "Trusted" detached processes
Richard Maher
maher_rj at hotspamnotmail.com
Sat Sep 12 19:19:54 EDT 2009
Hi Ian,
"IanMiller" <gxys at uk2.net> wrote in message
news:97da14d0-b5b4-41e6-a7a1-5c0383f73757 at g31g2000yqc.googlegroups.com...
> On 12 Sep, 12:46, "Richard Maher" <maher... at hotspamnotmail.com> wrote:
>
> Amongst the usual ranting I think there is a technical question - "Is
> there some disadvantage to using PRC$M_TCB that Richard does not know
> about?"
> Is that it?
Well, I liked mine better :-) However, if your succinct distillation is more
answerable then I'm happy to run with it.
Anyway, I find the prospect of some people actually being as incompetent as
I have portrayed too frightening to contemplate so I'm half hoping that
there is something with the TCB flag I missed or, far more appealing, some
design decision by Rdb, perhaps to position the $setuai in a process that
will also have to run user-code, has left them ham-strung. (Why don't they
run loginout.exe for their Execution Servers anyway?)
Cheers Richard Maher
PS. If anyone can find more doc than the following about it then please pass
a pointer.
/TRUSTED
Specifies that the created process is part of the Trusted
Computing Base (TCB) and performs its own auditing. The /DETACH
qualifier is required as well as the IMPERSONATE privilege.
PRC$M_TCB Mark a process as part of the trusted computing base (TCB).
As such, it is expected to perform its own auditing. IMPERSONATE privilege
is required.
More information about the Info-vax
mailing list