Security Management Guide (G06.24+, H06.03+)

Concerns for the User
Security Management Guide 522283-008
21> FILEINFO TACLCSTM     {confirms security}
$SALES.ROBIN
            CODE     EOF   LAST MODIFICATION     OWNER   RWEP
TACLCSTM     101    2896   27-APR-90  9:57:36   147,36  "OOOO"
Also secure TACL macro files other than your TACLCSTM file. Otherwise, an intruder
might insert commands that execute under your user ID when you execute the macros.
In this example, you have macros in the file named TACLMACS. The security
setting "NNNN" reported by FILEINFO means that any user can read, write, or
purge the file, or simply rename it and then install another file that has the
name TACLMACS. Any other user could also insert commands that execute Trojan
horse programs when you invoke a macro. The FILEINFO command shows the current
security setting:
22> FILEINFO TACLMACS
$SALES.ROBIN
            CODE     EOF   LAST MODIFICATION     OWNER   RWEP
TACLMACS     101   19524   28-APR-90 10:11:03   147,36  "NNNN"
Use the FUP SECURE command to change the security setting of your TACLMACS
file. This command secures your TACLMACS file so that only you can access it:
22> FUP SECURE TACLMACS,"OOOO"
Similarly secure any other macro files you use.
Some people make their macro files readable (and able to be copied) by others. Be
sure such files contain no LOGON commands complete with passwords or other
sensitive information.
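
The check described above, as an added example that is not part of the original guide: a Python script that parses FILEINFO listings in the layout shown on this page and flags macro files whose write, purge, or read access extends beyond the owner. The function name and the treatment of the security letters O, U and "-" as owner-only are assumptions of this example; lines in any other layout are skipped.

```python
import re

# Guardian security letters: O = owner (local), U = owner (local or remote),
# "-" = local super ID only. G, C, A and N extend access to other users.
OWNER_ONLY = set("OU-")

# One file line as laid out on this page: NAME CODE EOF DATE TIME OWNER "RWEP"
FILE_LINE = re.compile(
    r'^(?P<name>\S+)\s+(?P<code>\d+)\s+(?P<eof>\d+)\s+\S+\s+\S+\s+'
    r'(?P<owner>\d+,\d+)\s+"(?P<rwep>[A-Z-]{4})"\s*$'
)

def audit_fileinfo(listing):
    """Return a list of (qualified_name, owner, rwep, findings) per file."""
    results, subvol = [], ""
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("$"):          # subvolume heading, e.g. $SALES.ROBIN
            subvol = line
            continue
        m = FILE_LINE.match(line)
        if not m:                          # prompts, column header, blanks
            continue
        read, write, _execute, purge = m["rwep"]
        findings = []
        if write not in OWNER_ONLY:
            findings.append("write: others can insert commands")
        if purge not in OWNER_ONLY:
            findings.append("purge: others can rename or replace the file")
        if read not in OWNER_ONLY:
            findings.append("read: check for LOGON commands or passwords")
        results.append((f"{subvol}.{m['name']}", m["owner"], m["rwep"], findings))
    return results

# The two listings from this page, pasted as captured text.
SAMPLE = '''
21> FILEINFO TACLCSTM
$SALES.ROBIN
CODE EOF LAST MODIFICATION OWNER RWEP
TACLCSTM 101 2896 27-APR-90 9:57:36 147,36 "OOOO"
22> FILEINFO TACLMACS
$SALES.ROBIN
CODE EOF LAST MODIFICATION OWNER RWEP
TACLMACS 101 19524 28-APR-90 10:11:03 147,36 "NNNN"
'''

if __name__ == "__main__":
    for name, owner, rwep, findings in audit_fileinfo(SAMPLE):
        print(name, owner, rwep, "OK" if not findings else "; ".join(findings))
```
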
If you define keys that contain sensitive information, make sure that you do not
expose the contents of your keys. One way an intruder can get this information is
through the use of the TACL KEYS command on an unattended terminal. You might also
accidentally reveal this information if you make a hard copy of your key
definitions to paste to the terminal as a reminder. Instead, keep a list of keys
with a general description of each function, but not the specific definition.
Search List Hazards
A search list is a list of subvolumes that the TACL software uses to find a program file
when you use a RUN command in which the file name is not fully qualified. For
example, you ordinarily invoke PS Text Editor by using its unqualified name, TEDIT,
allowing the TACL software to supply the required fully qualified form
$SYSTEM.SYSTEM.TEDIT. Using the unqualified form is the common practice.
By default, when you use an unqualified file name, the TACL software searches for the
program file in $SYSTEM.SYSTEM. However, you can use a #PMSEARCHLIST
command to specify that other volumes and subvolumes are to be searched.