Introduction to NonStop Operations Management

ManualsBrandsHP ManualsServerHP NonStop G-Series

181

182

183

184

185

186

187

188

189

190

Security Management

Introduction to NonStop Operations Management–125507

9-23

Licensed Programs

Possible Hazards

Inappropriate design of PROGID programs can result in serious security holes:

•

Without sufficient checking of the input data range and form, an incompletely

debugged PROGID program can unintentionally provide unauthorized access to

restricted data.

•

The privileges of a PROGID program propagate to any processes created by the

program.

•

System programs (such as licensed programs and system utilities) should not be

enabled as PROGID programs unless required. A system program enabled as a

PROGID program can provide excessive and easily subverted capabilities.

•

The ability to audit accesses made by a process is effectively lost if the process has

the PROGID attribute. The Safeguard product logs the user ID of the PROGID

program owner, not the ID of the process user; thus, accountability is lost.

•

PROGID programs do not allow a user other than the program owner to run the

program in debug mode from the command interpreter (TACL). However, if a

PROGID program is running and enters Debug or Inspect (debugging tools), the

person running the program assumes the privileges of the program owner. By

patching the program data, it might be possible to defeat whatever security is built

into the program.

Implications for Your Security Policy

Your security policy should provide guidelines for using and monitoring the use of

PROGID programs. The operations staff should receive training on the uses and risks of

PROGID programs and how to recognize these programs.

Licensed Programs

Licensing a program has the effect of giving a program the privileges of the operating

system. When a licensed program runs, privileged operations in it can bypass any

ordinary security interface (such as authentication of user IDs, Safeguard protection, and

memory-management protection). Only the super ID (255,255) can license a program or

revoke a license.

Licensing a program that performs no privileged operations has no effect on security

because the program gains no privileges that it did not already have.

To determine whether a program is licensed, use FUP or the DSAP utility.

Possible Hazards

Licensing a program that uses privileged operations can seriously compromise both

system integrity and security. Such a program can gather and modify information