Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
9-24
Licensed Programs
anywhere in the system, disrupt the system, disrupt the network, and do anything that
the super ID (255,255) can do (including license another program).
If an intruder’s program is licensed, the intruder can:
•
Modify protected memory areas containing a program’s instructions and data,
without leaving evidence of the change
•
Gain the privileges of other users (including the super ID), and then browse and
change files
•
Directly manipulate physical hardware resources
Tandem system programs maintain data integrity and allow safe access to user resources.
Even so, do not allow all users to execute licensed programs. Use standard Tandem
NonStop Kernel security or Safeguard access-control lists to limit the use of system
programs that allow access to files belonging to wide range of users.
Implications for Your Security Policy
Your security policy should establish guidelines for:
•
Approving a request for a program license. Writing code for a licensed program
requires an intimate knowledge of the operating-system code and should be
undertaken only by programmers having legitimate access to operating-system
source code.
•
Reviewing, compiling, binding, and testing source code before issuing a license.
Even after extensive testing and revision, licensed programs might contain residual
bugs that could seriously interfere with operating-system functions.
•
Monitoring licensed programs. A licensed program has the potential to bypass
known, documented, and tested interfaces.
•
Integrating licensed programs into new releases. A licensed user-written program
might be release-dependent; therefore, the licensed program might be affected by
changes in the internal operating-system structures from one release to another. Such
a licensed program can fail or do great harm under one release even though it might
have worked perfectly under a previous release.
Note. Tandem does not accept responsibility for the effects of user-written programs
functioning at the level of the operating system and does not support such programs.