Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!pasteur!ucbvax!UKANVAX.BITNET!sloane
From: sloane@UKANVAX.BITNET (Bob Sloane)
Newsgroups: comp.os.vms
Subject: RE: the recent security patch
Message-ID: <8805231259.AA16714@ucbvax.Berkeley.EDU>
Date: 23 May 88 13:00:03 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 30
X-Unparsable-Date: Wed, 18 May 1988 09:58:59.58 CDT

Darren Griffiths writes:
>                               Other things that were broken include programs
>like PHOTO that use pseudo-terminal drivers to act as session loggers.
>
>It seems that some of the programs that use pseudo-terminal drivers will have
>to be modified before they will be able to work again.  This is unfortunate,
>but it is necessary to provide extra security on VMS systems.

I was wondering if anyone has any hints as to how PHOTO can be fixed to
work with the new security patch.  I am taking a lot of heat from users
to get it working again.  It appears that a process must have SYSPRV
turned on to allocate a Pseudo Terminal device.  Since PHOTO uses a
PTY for the input/output files for LIB$SPAWN, it must have SYSPRV turned
on when the LIB$SPAWN is done.  This means that the subprocess has
SYSPRV in its authorized privs.  I don't really want to give all 2000
students on campus SYSPRV, and I haven't been able to figure out how to
EXACTLY duplicate LIB$SPAWN using SYS$CREPRC.  If you know of any way
to get PHOTO working, PLEASE let me know.

I agree that security is important, but it would be nice if DEC would
help us out by keeping currently working software running when they issue
these fixes, or at least providing clues about how to fix broken programs.

Thanks for any help.

                      Bob Sloane
                      University of Kansas
                      Computer Center
                      (913) 864-0444
                      SLOANE@UKANVAX.BITNET