HPE Community
Operating System - OpenVMS
1752794 Members
6897 Online
108789 Solutions
New Discussion юеВ

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

 
SOLVED
Go to solution
Thomas Ritter
Respected Contributor

тАО07-05-2006 12:17 PM

тАО07-05-2006 12:17 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Hi Jan, consider this mockup SYSTEM account.
$ sh process/rights

6-JUL-2006 10:04:32.99 User: SYSTEM Process ID: 0003C518
Node: secret Process name: "system!r2"

Process rights:
SYSTEM resource
INTERACTIVE
REMOTE
DDAL$TR_MON
DFU_ALLPRIV
MQM resource
VMS$MEM_RESIDENT_USER
SYS_PROCESS_TEST_001
SYS_PROCESS_TEST_002
SYS_PROCESS_TEST_003
SYS_PROCESS_TEST_004
SYS_PROCESS_TEST_005
SYS_PROCESS_TEST_006
SYS_PROCESS_TEST_007
SYS_PROCESS_TEST_008
SYS_PROCESS_TEST_009
SYS_PROCESS_TEST_010
SYS_PROCESS_TEST_011
SYS_PROCESS_TEST_012
SYS_PROCESS_TEST_013
SYS_PROCESS_TEST_014
SYS_PROCESS_TEST_015
SYS_PROCESS_TEST_016
SYS_PROCESS_TEST_017
SYS_PROCESS_TEST_018
SYS_PROCESS_TEST_019
SYS_PROCESS_TEST_020
SYS_PROCESS_TEST_021
SYS_PROCESS_TEST_022
SYS_PROCESS_TEST_023
SYS_PROCESS_TEST_024
SYS_PROCESS_TEST_025
SYS_PROCESS_TEST_026
SYS_PROCESS_TEST_027
SYS_PROCESS_TEST_028
SYS_PROCESS_TEST_029
SYS_PROCESS_TEST_030
SYS_PROCESS_TEST_031
SYS_PROCESS_TEST_032
SYS_PROCESS_TEST_033
SYS_PROCESS_TEST_034
SYS_PROCESS_TEST_035
SYS_PROCESS_TEST_036
SYS_PROCESS_TEST_037
SYS_PROCESS_TEST_038
SYS_PROCESS_TEST_039
SYS_PROCESS_TEST_040
SYS_PROCESS_TEST_041
SYS_PROCESS_TEST_042
SYS_PROCESS_TEST_043
SYS_PROCESS_TEST_044
SYS_PROCESS_TEST_045
SYS_PROCESS_TEST_046
SYS_PROCESS_TEST_047
SYS_PROCESS_TEST_048
SYS_PROCESS_TEST_049
SYS_PROCESS_TEST_050
SYS_PROCESS_TEST_051
SYS_PROCESS_TEST_052
SYS_PROCESS_TEST_053
SYS_PROCESS_TEST_054
SYS_PROCESS_TEST_055
SYS_PROCESS_TEST_056
SYS_PROCESS_TEST_057
SYS_PROCESS_TEST_058
SYS_PROCESS_TEST_059
SYS_PROCESS_TEST_060
SYS_PROCESS_TEST_061
SYS_PROCESS_TEST_062
SYS_PROCESS_TEST_063
SYS_PROCESS_TEST_064
SYS_PROCESS_TEST_065
SYS_PROCESS_TEST_066
SYS_PROCESS_TEST_067
SYS_PROCESS_TEST_068
SYS_PROCESS_TEST_069
SYS_PROCESS_TEST_070
SYS_PROCESS_TEST_071
SYS_PROCESS_TEST_072
SYS_PROCESS_TEST_073
SYS_PROCESS_TEST_074
SYS_PROCESS_TEST_075
SYS_PROCESS_TEST_076
SYS_PROCESS_TEST_077
SYS_PROCESS_TEST_078
SYS_PROCESS_TEST_079
SYS_PROCESS_TEST_080
SYS_PROCESS_TEST_081
SYS_PROCESS_TEST_082
SYS_PROCESS_TEST_083
SYS_PROCESS_TEST_084
SYS_PROCESS_TEST_085
SYS_PROCESS_TEST_086
SYS_PROCESS_TEST_087
SYS_PROCESS_TEST_088
SYS_PROCESS_TEST_089
SYS_PROCESS_TEST_090
SYS_PROCESS_TEST_091
SYS_PROCESS_TEST_092
SYS_PROCESS_TEST_093
SYS_PROCESS_TEST_094
SYS_PROCESS_TEST_095
SYS_PROCESS_TEST_096
SYS_PROCESS_TEST_097
SYS_PROCESS_TEST_098
SYS_PROCESS_TEST_099
SYS_PROCESS_TEST_100
SYS_PROCESS_TEST_101
SYS_PROCESS_TEST_102
SYS_PROCESS_TEST_103
SYS_PROCESS_TEST_104
SYS_PROCESS_TEST_105
SYS_PROCESS_TEST_106
SYS_PROCESS_TEST_107
SYS_PROCESS_TEST_108
SYS_PROCESS_TEST_109
SYS_PROCESS_TEST_110
SYS_PROCESS_TEST_111
SYS_PROCESS_TEST_112
SYS_PROCESS_TEST_113
SYS_PROCESS_TEST_114
SYS_PROCESS_TEST_115
SYS_PROCESS_TEST_116
SYS_PROCESS_TEST_117
SYS_PROCESS_TEST_118
SYS_PROCESS_TEST_119
SYS_PROCESS_TEST_120
SYS_PROCESS_TEST_121
SYS_PROCESS_TEST_122
SYS_PROCESS_TEST_123
SYS_PROCESS_TEST_124
SYS_PROCESS_TEST_125
SYS_PROCESS_TEST_126
SYS_PROCESS_TEST_127
SYS_PROCESS_TEST_128
SYS_PROCESS_TEST_129
SYS_PROCESS_TEST_130
SYS_PROCESS_TEST_131
SYS_PROCESS_TEST_132
SYS_PROCESS_TEST_133
SYS_PROCESS_TEST_134
SYS_PROCESS_TEST_135
SYS_PROCESS_TEST_136
SYS_PROCESS_TEST_137
SYS_PROCESS_TEST_138
SYS_PROCESS_TEST_139
SYS_PROCESS_TEST_140
SYS_PROCESS_TEST_141
SYS_PROCESS_TEST_142
SYS_PROCESS_TEST_143
SYS_PROCESS_TEST_144
SYS_PROCESS_TEST_145
SYS_PROCESS_TEST_146
SYS_PROCESS_TEST_147
SYS_PROCESS_TEST_148
SYS_PROCESS_TEST_149
SYS_PROCESS_TEST_150
SYS_PROCESS_TEST_151

System rights:
SYS$NODE_SECRET

Soft CPU Affinity: off
$ write sys$output f$getjpi("","process_rights")
%DCL-W-BUFOVF, command buffer overflow - shorten expression or command line
$ x = f$getjpi("","process_rights")
%DCL-W-BUFOVF, command buffer overflow - shorten expression or command line

I remove the identifiers

wizdv!r2> SH PROCESS/RIGHT

6-JUL-2006 10:09:14.94 User: SYSTEM Process ID: 00041B1D
Node: SECRET
Process name: "system!r2"

Process rights:
SYSTEM resource
INTERACTIVE
REMOTE
DDAL$TR_MON
DFU_ALLPRIV
MQM resource
VMS$MEM_RESIDENT_USER

System rights:
SYS$NODE_SECRET

Soft CPU Affinity: off
$ WRITE SYS$OUTPUT F$GETJPI("","PROCESS_RIGHTS")
SYSTEM,INTERACTIVE,REMOTE,DDAL$TR_MON,DFU_ALLPRIV,MQM,VMS$MEM_RESIDENT_USER



The size of the processes' rights identifier is the problem. I used a command procedure to grant and revoke the identifiers.
:)
0 Kudos
Reply
Guy Peleg
Respected Contributor

тАО07-05-2006 06:25 PM

тАО07-05-2006 06:25 PM

Solution

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Hi Thomas,

This is a bug !!

well...maybe not a bug but a design
limitation.....no...it's a bug ;-)

When I designed EDCL I restricted the
lexical functions to use the old buffer
size. If you use one of the cluster aware
lexical functions (like F$GETJPI) and you
are operating on a non-EDCL node, DCL
sends large buffer over the network which
eventually will result in the non edcl
system choking and the operation will fail.

Lately I removed part of the restriction
and local lexical functions (like F$TYPE)
now use large buffers. This change is
shipping with the latest DCL ECO for V7.3-2.

John Brodribb brought this problem
to my attention and I'm working on a fix
for the cluster aware lexicals. Should
be ready within few days.

Guy
Reply
John Abbott_2
Esteemed Contributor

тАО07-05-2006 06:57 PM

тАО07-05-2006 06:57 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

There you go Thomas! I knew Guy would have the answer !! :-) 10 point to him !!

J.
Don't do what Donny Dont does
0 Kudos
Reply
Jan van den Ende
Honored Contributor

тАО07-05-2006 08:37 PM

тАО07-05-2006 08:37 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Thomas,

the only fifference I was able to spot between your command and ours is that we use RIGHTSLIST instead of PROCESS_RIGHTS.
If that is significant I can not test right now :-(

fwiw

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Thomas Ritter
Respected Contributor

тАО07-05-2006 08:59 PM

тАО07-05-2006 08:59 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Great new :) This would make for some new elegant DCL procedures.

Jan, RIGHTSLIST and PROCESS_RIGHTS exhibit the same behaviour. Add more identifiers to you tested VMS account.

Guy, how big will the buffer be ?

John, thanks for you comments.

Thanks to the HP Support team in Sydney.

Sincerely,
Thomas
0 Kudos
Reply
Guy Peleg
Respected Contributor

тАО07-05-2006 09:03 PM

тАО07-05-2006 09:03 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Hi Thomas,

The new buffer length is 4K (4096 bytes).

Talk to your support team in Sydney, they
have a new DCL image waiting for you ;-)

Guy
0 Kudos
Reply
Robert Gezelter
Honored Contributor

тАО07-05-2006 10:27 PM

тАО07-05-2006 10:27 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Guy,

I do not like to add to the work list, but the point that was made earlier is valid. Even with the EDCL symbol length, there will be situations where the results of F$GETJPI on RIGHTLIST will exceed the extended buffer.

The elegrant solution would be to be able to use a context parameter (e.g., F$SEARCH) to iterate through the RIGHTLIST (or similar lists) one at a time. Alternatively, a function (or subfunction) that took an identifier and its attribute and returned TRUE or FALSE (e.g. F$PRIVILEGE for RIGHTSLIST).

As environments get more complex, with increasing security requirements, we are likely to see this appear with increasing frequency.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Reply
Jan van den Ende
Honored Contributor

тАО07-05-2006 10:50 PM

тАО07-05-2006 10:50 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Count this as one vote of support for Bob's proposal!

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Karl Rohwedder
Honored Contributor

тАО07-05-2006 10:59 PM

тАО07-05-2006 10:59 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

Here's another vote for it...

regards Kalle
0 Kudos
Reply
John Abbott_2
Esteemed Contributor

тАО07-05-2006 11:06 PM

тАО07-05-2006 11:06 PM

Re: F$GETJPI("","PROCESS_RIGHTS") %DCL-W-BUFOVF, command buffer overflow

We're increasingly using process rights, I suspect we'll hit this problem in a couple of years.

John.
Don't do what Donny Dont does
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.