[Info-vax] Android development Was Re: OT: Larry Ellison takes retirement as CEO of Oracle
VAXman- at SendSpamHere.ORG
Tue Sep 23 19:39:09 EDT 2014
In article <lvsr0n$20d$1 at dont-email.me>, David Froble <davef at tsoft-inc.com> writes:
>JF Mezei wrote:
>> On 14-09-23 14:20, John Reagan wrote:
>>
>>> SYS$QIO (and all system services) are specially known to the linker/image activator (called the public vectors).
>>
>> Would it be correct to state that the image activator would simply stick
>> the address of SYS$QIO entry point in the loaded executable ?
>>
>>> Privilege checks are performed by the services against the process' current privs.
>>
>> But surely system services perform operations that would not be
>> permitted if done by the user application that only has no special privs ?
>>
>> So, when my user code takes the address of SYS$QIO furnished by the
>> image activator and does a "CALL" instruction to it, what happens to
>> allow my process (without privs) to be able to perform privileged
>> operations because the code resides in area of memory that contains
>> system services code ?
>>
>> Put it another way: if I were to take the exact same
>> instructions/arguments located in the SYS$QIO system service and run
>> them inside my process, it would not have the required privileges and
>> fail, right ? So what happens to magically grant the same code
>> privileges when I branch to a certain area of memory ?
>
>I'm beginning to see what you're trying to ask, but, you sure do ask the
>question(s) in a round-about way.
>
>As I understand it, (not sure I understand anything anymore), when
>running in Kernel or Exec mode, privs are not required. Could be a bit
>wrong on this. However, the code being executed might have a
>requirement for a priv, and so that code could check the priv bit(s).
>Not set, return an error.

LOL. In the early days of my career, I needed CMKRNL to accomplish some of
my programming tasks. The BOFH system manager insisted that CMKRNL was too
dangerous to grant. After some pleading, he was convinced to bestow CMEXEC
privilege upon my account. I never asked for another system privilege. ;)
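
        $SSDEF
        .PSECT  CODE,NOWRT,EXE,5
        .ENTRY  GO,0
        PUSHAL  100$                    ; argument: address of the routine at 100$
        PUSHL   #1                      ; argument count
        ; Change mode to exec, then call SYS$CMKRNL from there with the
        ; argument list just built on the stack (count 1, routine 100$)
        $CMEXEC_S routin = G^SYS$CMKRNL,-
                  arglst = (SP)
        RET

        .LIBRARY "SYS$LIBRARY:LIB.MLB"
        $PCBDEF
        $PHDDEF

        ; Routine run in kernel mode by SYS$CMKRNL; R4 holds the PCB address
100$:   .WORD   0                       ; entry mask: save no registers
        MOVAL   G^EXE$SIGTORET,(FP)     ; condition handler: turn a signal into a return status
        MOVL    PCB$L_PHD(R4),R0        ; R0 = address of the process header
        MNEGL   #1,PHD$Q_PRIVMSK(R0)    ; set every bit in the low longword of the privilege mask
        MOVL    #SS$_NORMAL,R0          ; return success
        RET
        .END    GO
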
>Your code running in user mode does not have the capability to do some
>things, therefore you get an error.
>
>Still not 100% sure what you're actually asking ?
>
>Willing to bet that "Internals and Data Structures" might be an
>interesting read ....

A daily read here! ;)

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.