Security Management Guide (G06.29+, H06.08+, J06.03+)
Guardian System Security
Security Management Guide — 522283-021
Effect of Giving a Program to Another User
A PROGID program given to another user becomes an ordinary (not PROGID)
program. However, the new owner can reenable the program as a PROGID program.
Effect of Loading a Program From Magnetic Tape
A PROGID program restored from magnetic tape becomes an ordinary program. The
owner can reenable the program as a PROGID program.
Effect of a File-Sharing Group
Running a PROGID program causes the following IDs to temporarily assume the
userID and groupID values of the owner of the PROGID program:
Effective userID of the users (and thereby the PAID)
Effective groupID
Saved set-user ID
Saved set-group ID
However, the real userID, real groupID, and group list that were established when the
user was authenticated are not changed; they remain those of the user executing the
PROGID program, not those of its owner. If group access control entries are present in
an ACL, access evaluation uses the group list of the user requesting access, so the
PROGID owner's own group memberships do not by themselves grant the running program
the rights of a group ACL entry. It is therefore important to understand and evaluate
how the access control entries are set up in the ACLs for users running PROGID
programs. For more information on file-sharing groups, see File-Sharing Groups on
page 6-2.
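The following is an added example, not code from the Security Management Guide or from the Guardian system itself. It models in plain C the ID behaviour described above: starting a PROGID program replaces the effective and saved IDs with the owner's, leaves the real IDs and the group list untouched, and a group entry in an ACL is then matched against the requesting user's group list. The structure names, ID numbers, the sample ACL and the simple "first matching entry decides, otherwise deny" evaluation are assumptions made for illustration and are not a description of the actual Guardian ACL algorithm.

```c
/* Added example (not from the Security Management Guide): a model of the
 * ID changes made by a PROGID program and of ACL evaluation against the
 * requesting user's group list. Names, IDs and the evaluation order are
 * assumptions for illustration only. */
#include <stdio.h>

#define MAX_GROUPS 8

struct ids {
    int real_uid, real_gid;
    int eff_uid, eff_gid;
    int saved_uid, saved_gid;
    int group_list[MAX_GROUPS];   /* fixed at authentication time */
    int ngroups;
};

/* Constructed caller: user 100 in group 10, group list {10, 20}. */
struct ids sample_caller(void) {
    struct ids c = {100, 10, 100, 10, 100, 10, {10, 20}, 2};
    return c;
}

/* Starting a PROGID program owned by (owner_uid, owner_gid): the effective
 * and saved IDs take the owner's values; the real IDs and the group list
 * established at authentication stay as they were. */
struct ids run_progid(struct ids caller, int owner_uid, int owner_gid) {
    struct ids p = caller;
    p.eff_uid = owner_uid;   p.eff_gid = owner_gid;
    p.saved_uid = owner_uid; p.saved_gid = owner_gid;
    return p;
}

/* ACL entry: kind 'u' names a user ID, kind 'g' names a group ID. */
struct ace { char kind; int id; int allow; };

/* Simplified evaluation (assumption): the first matching entry decides,
 * no match means deny. A user entry is compared with the effective user ID;
 * a group entry is compared with the requesting user's group list, as the
 * guide states, and NOT with the effective group ID. */
int acl_allows(const struct ids *p, const struct ace *acl, int n) {
    for (int i = 0; i < n; i++) {
        if (acl[i].kind == 'u' && acl[i].id == p->eff_uid)
            return acl[i].allow;
        if (acl[i].kind == 'g')
            for (int j = 0; j < p->ngroups; j++)
                if (p->group_list[j] == acl[i].id)
                    return acl[i].allow;
    }
    return 0;
}

int main(void) {
    struct ids p = run_progid(sample_caller(), 1, 1);   /* owner: user 1, group 1 */
    struct ace owner_group[]  = { {'g', 1, 1} };        /* grants the owner's group */
    struct ace caller_group[] = { {'g', 20, 1} };       /* grants one of the caller's groups */
    printf("effective uid %d, real uid %d\n", p.eff_uid, p.real_uid);
    printf("owner's group entry grants access:  %d\n", acl_allows(&p, owner_group, 1));
    printf("caller's group entry grants access: %d\n", acl_allows(&p, caller_group, 1));
    return 0;
}
```

The point to take from the run is that an ACL written to admit the PROGID owner's group does not admit the PROGID process, because the group list being evaluated is still the caller's; only user entries see the owner's effective user ID.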
Possible Security Concerns
Inappropriate design of PROGID programs can result in serious security holes.
Improper Handling of Requests
Without sufficient checking of the input data range and form, an incompletely
debugged PROGID program can unintentionally provide unauthorized access to
restricted data.
For example, a PROGID program might display the home address from an employee’s
payroll record. The employee numbers range from 1 through 100, the database
contains home address information in records 1 through 100, and the corresponding
salary information resides in records 101 through 200. If the program does not properly
validate a requested employee number, it might unintentionally display the salary of
employee 50 when asked for the address of employee 150. The program could avoid
divulging this sensitive information by checking requests for information to verify that
an employee number is in the range 1 through 100.
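As an added example, not taken from the guide or from any real payroll program, the lookup described above is modelled below with an in-memory record file: records 1 through 100 hold home addresses and records 101 through 200 hold the matching salaries, so record 100+n is the salary of employee n. The record layout, the sample data and the function names are constructed for illustration. The unchecked version only guards the physical end of the file and therefore serves record 150 on request; the checked version validates the request against the employee-number range the program is meant to serve.

```c
/* Added example (not from the Security Management Guide): the payroll lookup
 * from the text, with a constructed in-memory record file. Records 1..100 are
 * addresses, 101..200 are salaries; record 100+n belongs to employee n. */
#include <stdio.h>
#include <string.h>

#define NUM_EMPLOYEES 100
#define NUM_RECORDS   (2 * NUM_EMPLOYEES)

static char records[NUM_RECORDS + 1][64];   /* index 1..NUM_RECORDS; 0 unused */

/* Build the constructed sample file. */
void build_sample_file(void) {
    for (int n = 1; n <= NUM_EMPLOYEES; n++) {
        snprintf(records[n], sizeof records[n], "ADDRESS emp=%d 10 Main St", n);
        snprintf(records[NUM_EMPLOYEES + n], sizeof records[NUM_EMPLOYEES + n],
                 "SALARY emp=%d 52000", n);
    }
}

/* Vulnerable: the requested employee number is used directly as a record
 * number and only the file boundary is checked. A request for "employee 150"
 * reads record 150, which is the salary of employee 50. */
const char *address_unchecked(int emp) {
    if (emp < 1 || emp > NUM_RECORDS) return NULL;
    return records[emp];
}

/* Hardened: reject anything outside the range of employee numbers this
 * program is meant to serve before the file is touched. */
const char *address_checked(int emp) {
    if (emp < 1 || emp > NUM_EMPLOYEES) return NULL;
    return records[emp];
}

int main(void) {
    build_sample_file();
    const char *r = address_unchecked(150);
    printf("unchecked(150): %s\n", r ? r : "(rejected)");
    r = address_checked(150);
    printf("checked(150):   %s\n", r ? r : "(rejected)");
    return 0;
}
```

In a PROGID program the distinction matters because the program, not the requesting user, holds the access rights to the file: the range check is the only thing standing between the user and every record the owner can read.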