[Info-vax] VMS Privileges Versus Linux Capabilities
Chris Scheers
chris at applied-synergy.com
Wed Jun 22 20:57:04 EDT 2016
Stephen Hoffman wrote:
> On 2016-06-22 21:14:53 +0000, Paul Sture said:
>
>> SETPRV is a special one though. It doesn't actually go away if you
>> disable it. Note for the following user SETPRV is enabled in the
>> default privileges, but not in the authorized ones.
>
> Haven't checked this lately, but it used to be that SETPRV in the
> default mask was not honored. It had to be in the authorized mask.
> Allowing SETPRV from the authorized mask was intended to avoid a user
> ending up nailed by the SET PROCESS /PRIVILEGE=NONE command. Various
> versions of the IDSM have a write-up on this, and there have been
> previous discussions.
>
> This SETPRV behavior led to a sequence for a username that needs
> privileges initially but you wished to somewhat armor the process
> against subsequent nefarious use of SETPRV: put SETPRV in the default
> mask and not the authorized mask, login with the user, then SPAWN and
> issue the commands requiring privileges, and then log out of the
> subprocess and remove SETPRV. The SPAWN copied the privilege list from
> the default mask in the parent to the authorized mask in the subprocess.
Somewhat related: If you have a utility that includes a SPAWN
capability, and the utility is installed with privileges, test it very
carefully.
At least in some versions of VMS, the SPAWNed process inherits the
installed privileges unless there is code around the spawn to remove the
extra privileges.
--
-----------------------------------------------------------------------
Chris Scheers, Applied Synergy, Inc.
Voice: 817-237-3360 Internet: chris at applied-synergy.com
Fax: 817-237-3074
More information about the Info-vax
mailing list