Security Management Guide (G06.24+, H06.03+)
TACL Macros
Security Management Guide—522283-008
== followed by existing file, or non-existing file?
| 1 existingfile |
#if [#argument /text :^template/ template]
== exists, so start at that file
| 2 nonexistingfile |
#if [#argument /text :^template/ template]
[#set :^curfile
[#filenames /maximum 1, previous [:^curfile]/ [
][:^template]]
]
== does not exist... start at the next file up
]
| 2 template |
#set :^curfile [#filenames /maximum 1/ [:^template]]
== template, but no @, so current file is the first
| 3 end |
]
[#loop |while| (not [#emptyv :^curfile]) |do|
[#result [[:^macro] [:^curfile]]]
== one application of routine to the current file
[#set :^curfile
[#filenames /maximum 1, previous [:^curfile]/ [
][:^template]]
]
== so fetch the next one
]
]
#unframe
Example 4. Findone Routine
Use the following routine together with the fapply routine (Example 3) to find any file
that can be written to or purged by anyone other than the owner. You can then
examine the list to see if any of these files presents a potential security hazard.
?section findone routine
#frame
[#def :^a struct
  begin
    char s(0:3) value [#fileinfo/security/[#rest]];
  end;
]
== set :^a to a character-addressable struct containing
== the security setting of the file passed as a parameter
[#case [:^a:s(1)]
  | N C A G |
    #output [#rest] has [:^a:s(1)] write access.
    == write access is one of N C A or G
  | otherwise |
]
[#case [:^a:s(3)]
  | N C A G |
    #output [#rest] has [:^a:s(3)] purge access.
    == purge access is one of N C A or G
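
The check findone makes, as an added Python example (not code from the guide): it reads the same write and purge positions of the four-character security string over a listing collected offline, and also reports who each flagged letter admits. The sample listing, the file names and the helper names `exposures` and `audit` are constructed for illustration.

```python
# Added example (not from the guide). Guardian security strings hold four characters
# in RWEP order (read, write, execute, purge); findone indexes them as s(0)..s(3).
RWEP = ("read", "write", "execute", "purge")
SCOPE = {  # who each security letter admits
    "N": "any user, local or remote",
    "C": "owner's group, local or remote",
    "A": "any local user",
    "G": "owner's group, local only",
    "U": "owner, local or remote",
    "O": "owner, local only",
    "-": "local super ID only",
}
NON_OWNER = frozenset("NCAG")  # the four values findone reports

def exposures(security):
    """Return [(operation, letter, scope)] for write/purge open to non-owners."""
    if len(security) != 4 or any(ch not in SCOPE for ch in security):
        raise ValueError(f"not an RWEP security string: {security!r}")
    return [(op, ch, SCOPE[ch]) for op, ch in zip(RWEP, security)
            if op in ("write", "purge") and ch in NON_OWNER]

def audit(listing):
    """listing: iterable of (filename, security). Returns (findings, unparsed)."""
    findings, unparsed = [], []
    for name, security in listing:
        try:
            hits = exposures(security.strip().strip('"').upper())
        except ValueError:
            unparsed.append((name, security))  # review by hand; never assume safe
            continue
        findings.extend((name, *hit) for hit in hits)
    return findings, unparsed

# Constructed sample input: file names and settings are illustrative only,
# and "****" is a deliberately unparseable value.
SAMPLE = [
    ("$DATA.PAYROLL.MASTER", "NUNU"),
    ("$DATA.PAYROLL.REPORT", "NNNU"),
    ("$SYSTEM.TOOLS.CLEANUP", "AOAG"),
    ("$DATA.SHARED.NOTES", '"GGGG"'),
    ("$DATA.SAFE.LEDGER", "****"),
]

if __name__ == "__main__":
    found, skipped = audit(SAMPLE)
    for name, op, letter, scope in found:
        print(f"{name} has {letter} {op} access ({scope})")
    for name, security in skipped:
        print(f"{name}: unrecognized security {security!r}")
```

Entries whose security value cannot be parsed are returned separately so they are reviewed by hand instead of being counted as clean.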