Security Management Guide (G06.29+, H06.08+, J06.03+)

OSS System Security
Security Management Guide 522283-021
The PRIV_SETID file privilege can be inherited by child processes created using
fork() because the parent and child process share the same executable. Any child
processes created by other process creation functions or procedure calls (such as
exec() or PROCESS_CREATE_) acquire their file privileges from that target
executable file.
If an executable without the PRIV_SETID file privilege performs a privileged switch ID
operation, the process is unconditionally denied access to files in the restricted-access
fileset.
File privileges are removed from a file if the file is changed (such as by being opened
for writing).
Recommendations
When using OSS file privileges, the super ID should take the following security measures.
- A super ID should not:
  - Modify a system state through a debugger
  - License unapproved programs, such as SWITCHUSER, to run the PRIV code
  - Make unauthorized modifications to the Safeguard SECURITY-OSS-ADMINISTRATOR and SECURITY-PRV-ADMINISTRATOR database
  - Compile and run unapproved programs with the PRIV or CALLABLE code. For example, secure production systems must remove the compilers from the system and enforce strict change control to prevent this possibility.
- The Safeguard global configuration attribute PASSWORD-REQUIRED must be set to ON. Any modification to the value of the PASSWORD-REQUIRED attribute must be monitored closely in the Safeguard audit logs.
- The super ID must exercise caution when setting the PRIV-LOGON attribute of diskfile protection records added under Safeguard. Any modification to the PRIV-LOGON attribute of any diskfile must be monitored closely in the Safeguard audit logs.
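The monitoring that the two recommendations above call for, as an added example that is not part of this guide: a small Python script that scans audit records for changes to PASSWORD-REQUIRED and PRIV-LOGON and replays them to confirm PASSWORD-REQUIRED is still ON. The one-line key=value record layout and the sample records are constructed for illustration; the real Safeguard audit record format differs, so parse_record() must be adapted to it.

```python
import re

# Constructed sample audit records (illustrative only; this simplified one-line
# key=value layout is an assumption, not the real Safeguard audit record format).
SAMPLE_AUDIT = """\
2024-01-05 09:12:01 user=SUPER.SUPER op=ALTER object=SAFEGUARD attr=PASSWORD-REQUIRED old=ON new=OFF
2024-01-05 09:15:44 user=SUPER.SUPER op=ALTER object=$DATA.APP.REPORT attr=OWNER old=OPS.JOE new=OPS.SUE
2024-01-05 10:02:13 user=SEC.ADMIN op=ADD object=$DATA.APP.SWITCHU attr=PRIV-LOGON old=- new=ON
2024-01-06 08:00:00 user=SUPER.SUPER op=ALTER object=SAFEGUARD attr=PASSWORD-REQUIRED old=OFF new=ON
"""

# Attributes the guide says must be watched closely whenever they change.
WATCHED_ATTRS = {"PASSWORD-REQUIRED", "PRIV-LOGON"}

def parse_record(line):
    """Split one audit line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    rec = {"ts": parts[0] + " " + parts[1]}
    for token in parts[2:]:
        key, sep, value = token.partition("=")
        if not sep:          # every field after the timestamp must be key=value
            return None
        rec[key] = value
    return rec

def find_sensitive_changes(audit_text):
    """Return every record that actually changes a watched attribute (old != new)."""
    hits = []
    for line in audit_text.splitlines():
        rec = parse_record(line)
        if rec and rec.get("attr") in WATCHED_ATTRS and rec.get("old") != rec.get("new"):
            hits.append(rec)
    return hits

def password_required_enforced(audit_text):
    """Replay the log and report whether PASSWORD-REQUIRED is ON after the last change."""
    state = "ON"  # assumed baseline: the guide requires this attribute to be ON
    for rec in find_sensitive_changes(audit_text):
        if rec["attr"] == "PASSWORD-REQUIRED" and rec.get("object") == "SAFEGUARD":
            state = rec["new"]
    return state == "ON"

if __name__ == "__main__":
    for rec in find_sensitive_changes(SAMPLE_AUDIT):
        print(f"{rec['ts']} {rec['user']} {rec['op']} {rec['object']} "
              f"{rec['attr']}: {rec['old']} -> {rec['new']}")
    print("PASSWORD-REQUIRED enforced:", password_required_enforced(SAMPLE_AUDIT))
```

Each flagged record names the user who made the change, so the OFF-then-ON pair on the SAFEGUARD object stands out for follow-up even though the final state is compliant.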
OSS Process Security
The OSS environment provides security features that protect and restrict access to and
by running processes. These features include several process attributes that identify a
process and control process access. The following subsection describes the process
attributes used to control access to OSS processes and access by processes to OSS
files. For a description of the process attributes applicable to Guardian files and
processes, see Guardian Process Security on page 2-5. The PAID and CAID are not
applicable to OSS process access control.