Security Management Guide (G06.29+, H06.08+, J06.03+)
Guardian System Security
Security Management Guide — 522283-021
Execute ordinary instructions using privileged addressing modes, thus permitting
references to system global (SG) data space
Execute procedures that have either the PRIV or CALLABLE attribute
Although the operating system needs these privileges to perform work on behalf of
users, if an intruder’s program is licensed, the intruder can:
Modify protected memory areas containing a program’s instructions and data,
without leaving evidence of the change
Change the intruder program’s effective user ID or process access ID (PAID) in the
process control block to gain the privileges of other users (including the super ID)
and then browse and change files
Directly manipulate physical hardware resources
Limiting Access to HP Licensed Programs
Licensed HP programs are written to maintain data integrity and to give safe access to user resources, but that is not a reason to let every user execute them. Use Guardian security strings to limit the use of system programs that can reach files belonging to a wide range of users, so that only the users who need such a program can run it.
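The following is an added example, not code from this guide or from HP, that models how a four-letter Guardian security string (one letter each for Read, Write, Execute and Purge) decides whether a given user ID may run a program, and contrasts a loose string with one that restricts execute access to the owner's group. The letter meanings (A, G, O for local users; N, C, U for users on any node; "-" for the local super ID only) follow the guide's conventions; the bypass for the local super ID, the treatment of a remote super ID as an ordinary remote user, and the omission of group-manager privileges are simplifying assumptions of this model, not statements about the operating system.

```python
"""Model of Guardian RWEP security-string checks (added illustration only)."""

from dataclasses import dataclass

# Position in the security string for each operation: R W E P.
OPERATIONS = ("read", "write", "execute", "purge")

# The local super ID (255,255) is assumed here to bypass the string entirely.
SUPER_ID = (255, 255)


@dataclass(frozen=True)
class Requester:
    group: int
    user: int
    remote: bool = False  # True when the request arrives from another node


def _letter_allows(letter, requester, owner):
    """Apply one security letter to one requester (owner is a (group, user) pair)."""
    same_user = (requester.group, requester.user) == owner
    same_group = requester.group == owner[0]
    local = not requester.remote
    if letter == "A":      # any local user
        return local
    if letter == "G":      # local member of the owner's group
        return local and same_group
    if letter == "O":      # the owner, locally
        return local and same_user
    if letter == "N":      # any user on any node
        return True
    if letter == "C":      # member of the owner's group on any node
        return same_group
    if letter == "U":      # the owner from any node
        return same_user
    if letter == "-":      # local super ID only; handled before we get here
        return False
    raise ValueError(f"invalid security letter {letter!r}")


def allowed(security, operation, requester, owner):
    """Return True if `requester` may perform `operation` on a file owned by
    `owner` whose security string is `security` (e.g. "NUNU")."""
    security = security.upper()
    if len(security) != 4:
        raise ValueError("security string must have exactly four letters")
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation {operation!r}")
    # Assumption of this model: the super ID is only exempt when local.
    if (requester.group, requester.user) == SUPER_ID and not requester.remote:
        return True
    letter = security[OPERATIONS.index(operation)]
    return _letter_allows(letter, requester, owner)


def who_can(security, operation, owner, candidates):
    """List the candidates (as (group, user, remote) tuples) admitted by the string."""
    return [
        (c.group, c.user, c.remote)
        for c in candidates
        if allowed(security, operation, c, owner)
    ]


if __name__ == "__main__":
    # Constructed sample: a licensed program owned by (255,100) and some users.
    owner = (255, 100)
    users = [
        Requester(255, 100),               # owner, local
        Requester(255, 7),                 # same group, local
        Requester(255, 7, remote=True),    # same group, other node
        Requester(10, 5),                  # unrelated local user
        Requester(10, 5, remote=True),     # unrelated remote user
    ]
    # "NUNU" lets any user on the network execute the program.
    print("NUNU execute:", who_can("NUNU", "execute", owner, users))
    # "GUGU" limits read and execute to local members of the owner's group.
    print("GUGU execute:", who_can("GUGU", "execute", owner, users))
```

To apply such a string on a real system you would use the FUP SECURE command on the program file; the point of the model is only to make visible which user IDs a given letter admits before you choose it.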
Administrative Procedures
When requested to license a user program, insist on receiving the following:
A full explanation of the program’s purpose and a justification of the use of
privileged procedures
Management approval (if dictated by local policy)
The request should be allowed if both these conditions apply:
The function is legitimate and necessary.
The function cannot be achieved using nonprivileged programming techniques.
Review of Source Code
Before you license a user program, have the system manager (or a trusted
programmer) review the source code. Look for possible security violations wherever
the program:
Recognizes specific users for special capabilities
Changes operating system control blocks
Changes the PAID (especially to 255,255) or effective user ID (especially to 65535)