Manualshelf

Security Management Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
Guardian System Security
Security Management Guide 522283-021
2 - 25
Controlled and Orderly Access to Resources
Controlled and Orderly Access to Resources
The operating system uses privileged operations to control access to hardware and
certain software resources.
The operating system prevents user programs and terminal users from directly
performing privileged operations.
When a user program needs to perform a privileged operation (for example, when
accessing a disk or terminal), it must request that the operating system perform the
operation.
To access hardware resources, user programs request operating system services by
executing Guardian procedure calls.
To access software resources, terminal users request operating system services by
executing licensed system programs, such as ADDUSER, BACKUP, DEFAULT,
DELUSER, FUP, PASSWORD, RESTORE, RPASSWRD, and USERS.
The Licensing Operation
Licensing is accomplished through the FUP program.
For example, to license a program stored in PROGFILE, the super ID issues this
command:
1> FUP LICENSE PROGFILE
To revoke the license, the super ID issues this command:
2> FUP REVOKE PROGFILE
Effect of Copying a Licensed Program
If a licensed program is duplicated (using FUP), the duplicate loses its license (unless
the super ID makes the copy with the correct FUP options). Even if an intruder
modifies a copy of a licensed program, the copy cannot be run.
Security Implications
Licensing a program that uses privileged operations can seriously compromise both
system integrity and security. Such a program can gather and modify information
anywhere in the system, disrupt the system, disrupt the network, and do anything the
super ID can do (including license another program).
Licensing a program that performs no privileged operations has no effect on security
because the program gains no privileges that it did not already have.
Licensing a program allows the program to:
Execute privileged instructions, such as SEND and EIO, that directly access the
interprocessor bus and I/O devices