- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Behaviour of F$TRNLNM
Operating System - OpenVMS
1752808
Members
5750
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2007 03:22 PM
тАО01-24-2007 03:22 PM
Re: Behaviour of F$TRNLNM
This behavior looks to be a variation of the typical privileged image activation. Privileged images will deliberately skip the translations from the outer modes, and will ignore even privileged definitions in unprivileged tables.
The table and the logical name must all be in the requested mode, or in a more privileged mode. If you try to aim the translation elsewhere from a less-privileged mode and/or a definition in a less-privileged table, it will be ignored.
The table and the logical name must all be in the requested mode, or in a more privileged mode. If you try to aim the translation elsewhere from a less-privileged mode and/or a definition in a less-privileged table, it will be ignored.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-24-2007 06:49 PM
тАО01-24-2007 06:49 PM
Re: Behaviour of F$TRNLNM
Thanks for all your reactions.
However, In my initial post I already stated what the real problem was, and nobody answered my question: why isn't there an EXEC mode definition of LNM$DCL_LOGICAL in the first place?
Bart
However, In my initial post I already stated what the real problem was, and nobody answered my question: why isn't there an EXEC mode definition of LNM$DCL_LOGICAL in the first place?
Bart
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2007 08:39 AM
тАО01-28-2007 08:39 AM
Solution
Bart,
>why isn't there an EXEC mode definition of
>LNM$DCL_LOGICAL in the first place?
Because it wasn't needed. The only reason for defining EXEC mode logical names is to provide a distinction between privileged and non-privileged access. The EXEC mode definition can be limited to a trusted search path, and prevents non-privileged definitions from hijacking translations to (potentially) introduce trojan horses. By not defining an EXEC mode translation at all, the logical name is eliminated as a potential security hole.
LNM$DCL_LOGICAL is a bit of an oddity and rather obscure. It isn't used in many places. Before VMS V4, there were only 3 hardcoded logical name tables PROCESS, GROUP and SYSTEM. When the logical name architecture was radically changed in V4 to include multiple tables, a mechanism was required to provide compatibility with the older architecture and the $TRNLOG system service (and now obselete and undocumented lexical function F$TRNLOG). See entries in LNM$SYSTEM_DIRECTORY for LOG$* and TRNLOG$* - these replicate the seven old search paths within the new mechanism. LNM$DCL_LOGICAL was originally the default compatibility search path LOG$PROCESS, LOG$GROUP, LOG$SYSTEM, but over time it's been changed to be LNM$FILE_DEV, and therefore redundant.
On potential solution to your issue would be to change F$TRNLNM to default the table name to LNM$FILE_DEV (which does have an EXEC mode translation). I'd guess the reason that hasn't happened is no one has asked, so there's no incentive to invest the resources required to change the code and documentation. If you feel strongly about it, log a case.
In the mean time, it should be safe for you to define an EXEC mode translation for LNM$DCL_LOGICAL (I'd suggest pointing it at LNM$FILE_DEV), however, this makes any code you write using F$TRNLNM and EXEC mode dependent on your non-standard environment. On the other hand, if you simply add the table name LNM$FILE_DEV to your call, it will work on all standard OpenVMS environments, and will continue to work even if F$TRNLNM is changed in the future.
>why isn't there an EXEC mode definition of
>LNM$DCL_LOGICAL in the first place?
Because it wasn't needed. The only reason for defining EXEC mode logical names is to provide a distinction between privileged and non-privileged access. The EXEC mode definition can be limited to a trusted search path, and prevents non-privileged definitions from hijacking translations to (potentially) introduce trojan horses. By not defining an EXEC mode translation at all, the logical name is eliminated as a potential security hole.
LNM$DCL_LOGICAL is a bit of an oddity and rather obscure. It isn't used in many places. Before VMS V4, there were only 3 hardcoded logical name tables PROCESS, GROUP and SYSTEM. When the logical name architecture was radically changed in V4 to include multiple tables, a mechanism was required to provide compatibility with the older architecture and the $TRNLOG system service (and now obselete and undocumented lexical function F$TRNLOG). See entries in LNM$SYSTEM_DIRECTORY for LOG$* and TRNLOG$* - these replicate the seven old search paths within the new mechanism. LNM$DCL_LOGICAL was originally the default compatibility search path LOG$PROCESS, LOG$GROUP, LOG$SYSTEM, but over time it's been changed to be LNM$FILE_DEV, and therefore redundant.
On potential solution to your issue would be to change F$TRNLNM to default the table name to LNM$FILE_DEV (which does have an EXEC mode translation). I'd guess the reason that hasn't happened is no one has asked, so there's no incentive to invest the resources required to change the code and documentation. If you feel strongly about it, log a case.
In the mean time, it should be safe for you to define an EXEC mode translation for LNM$DCL_LOGICAL (I'd suggest pointing it at LNM$FILE_DEV), however, this makes any code you write using F$TRNLNM and EXEC mode dependent on your non-standard environment. On the other hand, if you simply add the table name LNM$FILE_DEV to your call, it will work on all standard OpenVMS environments, and will continue to work even if F$TRNLNM is changed in the future.
A crucible of informative mistakes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2007 07:01 PM
тАО01-28-2007 07:01 PM
Re: Behaviour of F$TRNLNM
Thanks, John.
I think that specifying LNM$FILE_DEV in the call is the best solution.
However, changing the explicit /super into /exec in SYS$STARTUP:VMS$INITIAL-050_VMS.COM in a future update of OpenVMS will not break anything, and I do not see how it could add a security risk.
Regards,
Bart
I think that specifying LNM$FILE_DEV in the call is the best solution.
However, changing the explicit /super into /exec in SYS$STARTUP:VMS$INITIAL-050_VMS.COM in a future update of OpenVMS will not break anything, and I do not see how it could add a security risk.
Regards,
Bart
- « Previous
-
- 1
- 2
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP