Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

"Hang" on return

 
SOLVED
Go to solution
Willem Grooters
Honored Contributor

"Hang" on return

VMS 7.3-2, Alpha
Login as TMG1_WILLEM (low-priv user), execute a command:

$ SPAWN PIPE SETP tomg2 ; ; SETENV TOMG1

SETENV is a procedure that changes the process and job environment to fit a particular environemnt, different from login: UIC, default, logicals, process rights and privileges (both AUTHORIZED and DEFAULT), using two (privileged) images and DCL. The user does have an account in this environment (TMG2_WILLEM) but can not normally log in directly into this environment.
is executed in the context of user TMG2_willem - with elevated privileges.

The source of the original images is lost, and the functionality has been reverse-engineered from the original, by examining what it does to process end job environment.
In most cases, it seems to work fine. Changes in the process environment can be observed in the attachment.

However, above code sequence shows that there is still a difference to be handled.
Using the old images, it doesn't matter if fails causing an $ EXIT; the subprocess will end and control will be returned to the main process (though the changes in the job environment will still be there). The new images however cause the main process to hang, and the process needs to be killed (^C nor ^Y have any effect).

It seems to me that the subprocess does not signal the main process of it's termination.

I also tried (to check process and devices:

$ SPAWN PIPE SETP TOMG2 ; ANA/SYS

and this also causes the main process to hang when SDA is exited, no matter how, when the new images are used.

My thought is there must be some protection that needs to be altered, or an ACE added, (like I did on TT:) to signal the end of the subprocess, but I couldn't locate anything.

Any idea on how to find out what device may be inaccessible?
Willem Grooters
OpenVMS Developer & System Manager
20 REPLIES 20
Hein van den Heuvel
Honored Contributor

Re: "Hang" on return

No immediate help, just a couple of question which may help others.

First, roughly, what does the new code do? Straight system service calls (impersonate!) or kernel mode hackery twidlling bits in Process control blocks, process headers?

> TMG1_WILLEM (low-priv user),

It looks to me that this username has all the priviliges in the world: CMKRNL (useful to grab any other priv, and to issue SET UIC), and WORLD and so on. Not low-priv and does nto need an installed helper.

>> $ SPAWN PIPE

What is the purpose of the SPAWN before the pipe?

Are there DETACHED processes, or just changed to the sub-processed.

I suspect that one of the processes is waiting for a MAILBOX message. Use ANALYZE/SYSTEM and SHOW PROC/CHAN looking for 'busy'. You may also want to use the SDA MBX extention.


Hope this helps a little,

Groetjes,
Hein.

Wim Van den Wyngaert
Honored Contributor

Re: "Hang" on return

Does it stop when you wait about 10 minutes ?

Does it use T2T ? If the receiver does an exit without reading/closing sys$net it will receive a wait of 5 minutes (was on VMS 6.2).

Wim
Wim
Willem Grooters
Honored Contributor

Re: "Hang" on return

Actions of the new code: just what the old image seems to be doing (according SHOW PROCESS/ALL output and other information gathered), but basically as described in the attachment. No impersonation, plain system calls and direct access into system structures as well.
The images in the procedure are installed with the privs required, so any user can run the procedures, without elevated privs.
on SPAWN PIPE....The original sequence I got changes environment, copies a file in that environment that is otherwise inaccessible, changes ownership of this copy, restores the original environment and exits - as a single entity. There are other ways to achieve this but this is the code used in the production environment.
On mailbox: I guess so: My idea is that writing a message to a termination mailbox fails because the process' UIC has changed. However, I just noticed that the original program may change the process-UIC as well - but probably just in the process context, not in the JIB (as the new code does).
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: "Hang" on return

Wim: hasn't been mentioned; worth giving it a try (but I think it won't stop)
No T2T - what's T2T? - AFAIK.
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: "Hang" on return

T2T + SYS$NET = task to task. Could have thought about that: No, not involved.
Willem Grooters
OpenVMS Developer & System Manager