HPE Community
Operating System - OpenVMS
1757845 Members
2632 Online
108865 Solutions
New Discussion юеВ

"Hang" on return

 
SOLVED
Go to solution
John Gillings
Honored Contributor

тАО03-15-2009 07:08 PM

тАО03-15-2009 07:08 PM

Re: "Hang" on return

Willem,

Rather than trying to plug all the inevitable holes in your SETENV utility (it will be a never ending task!), why not do this using existing, working and supported mechanisms?

First thing that springs to mind is:

$ SUBMIT/USER=TOMG2
$ SYNCHRONIZE/ENTRY='$ENTRY'
$ stat=$STATUS

Yes, SUBMIT/USER is a privileged command, but you have the required privileges.

There are many other possibilities.
A crucible of informative mistakes
0 Kudos
Willem Grooters
Honored Contributor

тАО03-15-2009 11:48 PM

тАО03-15-2009 11:48 PM

Re: "Hang" on return

Hein: There is no SET PROCESS/HIBER either, so I'm not surprised ;)
Jan: No, entirely different
John: this might be a better solution _in this case_ but it's not always applicable. The same sequence can be executed by non-privileged users in which case SUBMIT/USER is not possible. Besides - the method has been in use over 10 years and is embedded in quite a few (production) scripts....
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО03-15-2009 11:57 PM

тАО03-15-2009 11:57 PM

Re: "Hang" on return

set mes sys$message:prgdevmsg.exe
write sys$output f$mes(%xf48009)
%SDA-S-SUCCESS, success

fwiw

Wim
Wim
0 Kudos
Willem Grooters
Honored Contributor

тАО03-16-2009 05:35 AM

тАО03-16-2009 05:35 AM

Re: "Hang" on return

Wim: Obvious :). The problem is not SDA or any command or script executed when SETENV is run, but what happens id the subprocess is stopped (no matter what way). Normal exit of SDA will fail to wakeup the main process when the new exe is used, where the old one works fine.

I've done some more investigation with two processes; one using the old image, the other using the new. In both; I executed SPAWN and SETENV; then, I analyzed the system and rercorded JIB, PCB and PHD, and compared the outcome (just the labels and values; addresses removed. The result v=can be found in the attachement. Most differences are obvious, but I do have one that I could not explain; that one is a few lines below PCB$L_INITIAL_KTB in the form,marked "******"in the center.

Could it be that some P1 data needs to be altered? If so,what would I need to look at?
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Hoff
Honored Contributor

тАО03-16-2009 06:04 AM

тАО03-16-2009 06:04 AM

Re: "Hang" on return

Among other wrinkles, I've seen all manner of ownership and logical name table and mailbox issues when SPAWN is involve such as often arises within a PIPE.

DCL does not expect processes to swap identities on the fly.

SET UIC (deprecated) regularly blows up processing with DCL, for instance.

Spoofing code also tends to break at upgrades.

And some of the spoofing code I've reviewed has introduced more and larger security holes than its authors had intended to plug.

Find and use another way to reach your goals here. Create a server and pass command(s) into it. Or better (since passing in user commands is a path for injection) pass in requests or codes using a fixed and known grammar.

And yes, I know you'll ignore the comments here. Why? Well, I ignored the folks that tried to tell me this, too. A design that allows spoofing the user security context on the fly in an interactive or command-level environment is generally somewhere between a Really Bad Idea and a Massively Bad Idea. (qv: XSS, SQLI, etc.) Simplify the design. Mailboxes and hangs are the least of the issues.

Put another way, I'd suggest a redesign here. It'll be easier to support, easier to maintain, easier to lock down, and the results will survive upgrades.
0 Kudos
Willem Grooters
Honored Contributor

тАО03-16-2009 07:31 AM

тАО03-16-2009 07:31 AM

Re: "Hang" on return

Hoff: I fully agree that redesign (of the whole environment) is the right way to go and if I had the chance of doing so, I would follow that direction. But I'm not in charge in planning or architecture of this project and just have to get things working, to meet the requirement that 'existing code should work unchanged'. No doubt that sounds familiar :( .

We're well on the way for that:
Without SPAWN, it's fine.
With SPAWN, it's fine once the situation is set back to normal. But if the subprocess finishes before that, the main process is not notified. There must be something within VMS that causes this to happen; the only question is: What.

(Once I know that, the program could be altered to work properly. That will be the last change made to the code - further maintenance is not foreseen.)
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Jess Goodman
Esteemed Contributor

тАО03-16-2009 09:44 AM

тАО03-16-2009 09:44 AM

Solution

Re: "Hang" on return

Your problem is because after your SETENV the sub-process no longer has write access to its termination mailbox. The parent process is waiting with a write-attention AST on this mailbox and will not continue until a process termination accounting record is written there.

This is easy to demonstrate:
$ SPAWN
%DCL-S-SPAWNED, process GOODMAN_55891 spawned
%DCL-S-ATTACHED, terminal now attached to process GOODMAN_55891

$ SET UIC [100,1]
$ SET PROCESS/PRIV=NOBYPASS
$ LOG
Process GOODMAN_55891 logged out at 16-MAR-2009 17:37:05

(parent process hangs)
--------------------------------------------
$ SPAWN
%DCL-S-SPAWNED, process GOODMAN_13828 spawned
%DCL-S-ATTACHED, terminal now attached to process GOODMAN_13828
$ SAY F$GETJPI(0,"TMBU")
3078
$ SHOW DEVICE/FUL MBA3078:

Device MBA3078:, device type local memory mailbox, is online, record-oriented
device, shareable, mailbox device.

Error count 0 Operations completed 1
Owner process "" Owner UIC [STAFF,GOODMAN]
Owner process ID 00000000 Dev Prot S,O:RWPL,G,W
Reference count 1 Default buffer size 256

$ SET SECURITY /CLASS=DEVICE MBA3078: /PROTECTION=W:RWED
$ SET UIC [100,1]
$ SET PROCESS/PRIV=NOBYPASS
$ LOG
Process GOODMAN_13828 logged out at 16-MAR-2009 17:43:11
%DCL-S-RETURNED, control returned to process GOODMAN
$
(parent process resumes)
I have one, but it's personal.
0 Kudos
Hein van den Heuvel
Honored Contributor

тАО03-16-2009 10:00 AM

тАО03-16-2009 10:00 AM

Re: "Hang" on return

Hi Jess,

Thanks for confirming what several suspected.
Nice & easy reproducer. So the solution for Wim will be to add code to change the process termination mailbox protection or owner.

Hein.

JPI$_TMBU
Returns the termination mailbox unit number, which is a longword integer value.







0 Kudos
John Gillings
Honored Contributor

тАО03-16-2009 02:09 PM

тАО03-16-2009 02:09 PM

Re: "Hang" on return

Willem,

(not sure why I bother answering your questions when you invariably ignore the advice, but anyway...)

OK, so the problem is really that your procedure exits abnormally, preventing your SETENV from reverting to the old environment, so it can't write to the mailbox etc...

Rather than trying to fix the flawed mechanism, how about trying to ensure the reversion happens regardless of what the procedure does? Since I don't know the nature of what it's doing, or how its failing, here are a few suggestions:

$ SPAWN PIPE SETP tomg2 ; SET NOON ; ; SETENV TOMG1

$ SPAWN PIPE SETP tomg2 ; SPAWN @procedure ; SETENV TOMG1


Failing that, you could use a big hammer and fix the protection on the mailbox prior to fiddling the UIC. Of course, this opens a potential security hole of sorts, as anyone will be able to write to the mailbox

$ SPAWN PIPE SET SECURITY/CLASS=DEVICE/PROTECTION=(W:RW) DCL$ATTACH_'F$GETJPI("","PID")' ; SETP tomg2 ; ; SETENV TOMG1

Note that the F$GETJPI executes in the context of the parent process, so it gets the correct mailbox name.

To plug the security hole you could insert an ACE granting access only to the user to which you're going to SETP, rather than the blunt instrument "W:RW". Once that's done, you may even be able to eliminate the SETENV to revert.
A crucible of informative mistakes
0 Kudos
Willem Grooters
Honored Contributor

тАО03-17-2009 12:01 AM

тАО03-17-2009 12:01 AM

Re: "Hang" on return

Jess: I already suspected that, just the point how to get that device ....
Hein: That will do for that; I already add an ACE to the terminal, I can easily add another device :)
John: See my comment on Hoff. I can't change things here.
Your last suggestion on how to change the ACL on the termination mailbox is what I will insert.
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.