Re: Aletered Persona surviving image exit - VMS

This is a discussion on Re: Aletered Persona surviving image exit - VMS ; Hi, > I recall that after looking at the VMS source code, it was my impression > that an inner-mode persona could be cajoled into surviving image exit, and > therefore remain current after returning to DCL. I've just remembered ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Aletered Persona surviving image exit

  1. Re: Aletered Persona surviving image exit

    Hi,

    > I recall that after looking at the VMS source code, it was my impression
    > that an inner-mode persona could be cajoled into surviving image exit, and
    > therefore remain current after returning to DCL.


    I've just remembered the theory for getting a process to exit an image and
    return to DCL with the current persona being different than that of the
    natural persona. Basically the image (de)activator resets the persona of the
    process to the natural persona as part of the image rundown procedures, but
    it does this before calling any inner-mode rundown handlers; so my theory is
    that one of your Exec mode UWSS rundown handlers can reset the persona back
    to any permanent and inner-mode persona.

    Sounds reasonable? Dunno, never tried it, but I'm curious as to any other
    "solutions" or, more importantly, why VMS Engineering hasn't offered a
    supported mechanism for doing just this?

    Cheers Richard Maher

    "Richard Maher" wrote in message news:...
    > Hi,
    >
    > I recall that after looking at the VMS source code, it was my impression
    > that an inner-mode persona could be cajoled into surviving image exit, and
    > therefore remain current after returning to DCL. Never did it, so can't

    say
    > for sure, but it would certainly beat the old become.mar type poking.
    >
    > Also, if you do $persona_reserve from inner-mode then you get an

    inner-mode
    > persona. Very useful if your communication-server will do a subsequent
    > $persona_delegate to the execution server. IE. The execution server

    doesn't
    > have to call $persona_create from inner-mode to protect the persona in an
    > unprivileged process. "What's wrong with calling $persona_create from
    > inner-mode?" you say especially when it explicitly gives you the flags for
    > preventing RMS access in kernel mode. "Nothin!" I say; but I've always

    liked
    > the idea of reserve/delegate :-)
    >
    > And just so you remember, Tier3 (on Alpha) gives you the lovely
    > t3$persona_assume that let's a *completely unprivileged* process assume

    the
    > persona of the client on whose behalf it is currently performing work.

    Your
    > system manager decides to start up your server processes under username
    > "FRED" but if your code wants to start doing some file access or database,
    > or system, auditing then you User Action Routines can changed the process
    > persona to "JACK" before attempting access. Pretty useful eh?
    >
    > Cheers Richard Maher
    >
    > "Joseph Huber" wrote in message
    > news:g0jb3d$23pu$1@gwdu112.gwdg.de...
    > > JKB wrote:
    > >
    > > > Other question... Is there a equivalent of 'su' unix command ?
    > > >

    > >
    > > As others told already, there is no direct equivalent.
    > > But VMS has the $persona services, which lets Your process assume the
    > > personality of another user.
    > >
    > > And there is already a program PERSONA on the freeware CD (and in
    > > Hunters archive I think), which works almost identical to su root:
    > > PERSONA SYSTEM
    > >
    > > (Also the older HGLOGIN still should work on actual system versions.)
    > >
    > > --
    > >
    > > Joseph Huber - http://www.huber-joseph.de

    >
    >





  2. Re: Aletered Persona surviving image exit

    In article , "Richard Maher" writes:
    >
    > I've just remembered the theory for getting a process to exit an image and
    > return to DCL with the current persona being different than that of the
    > natural persona. Basically the image (de)activator resets the persona of the
    > process to the natural persona as part of the image rundown procedures, but
    > it does this before calling any inner-mode rundown handlers; so my theory is
    > that one of your Exec mode UWSS rundown handlers can reset the persona back
    > to any permanent and inner-mode persona.


    You can do a lot of things in exec mode, but only if you have the
    privilege to get there.


+ Reply to Thread