Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!ucbcad!ucbvax!CITHEX.CALTECH.EDU!carl
From: carl@CITHEX.CALTECH.EDU (Carl J Lydick)
Newsgroups: comp.os.vms
Subject: Re: INSTALLing shareable images with privs
Message-ID: <880110023401.03e@CitHex.Caltech.Edu>
Date: 10 Jan 88 10:38:30 GMT
References: <2312@crash.cts.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 17


 > In fact, you can't INSTALL a shareable image with privileges, at least not
 > in the sense of ADD shareable_image/PRIV=(...).  A lot of folks have *wanted*
 > to do that, so that whenever a procedure in the shareable image was called the
 > process would get the associated privs, which would disappear when the routine
 > RET'd, but that capability does not exist.  Nor is it likely to, ever, since
 > the CALL/RET mechanism does not allow for saving and restoring of privs.  

No, you're wrong.  You CAN install a sharable image with privs.  For example,
the commands:
	$ INSTALL:==$INSTALL/COMMAND
	$ INSTALL ADD SYS$SHARE:ENCRYPSHR/PRIV=PHY_IO
works just fine.  The image SYS$SHARE:ENCRYPSHR.EXE is (after these two
commands), in fact, installed with PHY_IO priv.  What you were trying to
say is that unless the image SYS$SHARE:ENCRYPSHR.EXE is activated from the
level of the command-language interpreter (typically DCL), the privs with
which it is installed don't get applied.