Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax!news@seismo.CSS.GOV@umnd-cs.D.umn.edu From: news@seismo.CSS.GOV@umnd-cs.D.umn.edu Newsgroups: mod.computers.vax Subject: Submission for mod-computers-vax Message-ID: <8702170810.AA10005@cs-gw.D.UMN.EDU> Date: Tue, 17-Feb-87 03:10:28 EST Article-I.D.: cs-gw.8702170810.AA10005 Posted: Tue Feb 17 03:10:28 1987 Date-Received: Wed, 18-Feb-87 20:00:18 EST Sender: daemon@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 43 Approved: info-vax@sri-kl.arpa Path: umnd-cs!umn-cs!moll From: moll@umn-cs.UUCP Newsgroups: mod.computers.vax Subject: Re: Correction to Privelege Query Message-ID: <31000002@umn-cs.UUCP> Date: 16 Feb 87 18:44:00 GMT References: <8@<122788247.UUCP> Lines: 31 Nf-ID: #R:<122788247:-800:umn-cs:31000002:000:1670 Nf-From: umn-cs!moll Feb 16 12:44:00 1987 Posted: Mon Feb 16 12:44:00 1987 > [...] indicating that only NETMBX and TMPMBX were in > effect. No error was detected on the call to SYS$SETPRV in the subroutine > that tried to raise the priv to SYSNAM. I don't know why. I've been away from VMS for awhile, but doesn't SETPRV normally refuse to set unauthorized bits without returning an error? I have never been able to get privileges to work for a sharable image. As far as I can tell, the image privilege mask for the process is set when the original (calling) image is activated without regard to the privileges of the shareable (called) image. I called the Dec hotline and asked if there was some way to install a shareable subroutine with privilege and they said no. This makes sense to me since image privileges would have to change across a subroutine call when the image activator is already long gone. If anyone does know how to get this to work, I'd like to hear about it. I'm not completely sure of my facts here, I'm just saying that I couldn't make it work. I think there may be a harder solution, though. The linker manual mentions the possibility of creating known images which can be called by unprivileged code, yet operate in a privileged access mode (Kernel or Exec). I think the idea is that the user code calls the routine with a CMKRNL instruction rather than an ordinary subroutine call. This would cause an interrupt to the kernel which, if the call wasn't a recognized system service call, would look through some table (ISD's?) looking for such a routine to dispatch to. Anybody out there ever create such a beast? Can anybody point to the proper documentation (the linker manual gives it about three lines)?