Everhart, Glenn From: Veli Körkkö [korkko@decus.fi] Sent: Wednesday, February 24, 1999 8:17 AM To: Info-VAX@Mvb.Saic.Com Subject: OpenVMS V7.2 Alpha and installed image privileges not propagated to subprocess subprocess Below is very simple C program. ---------------------- #include #include #include char cmd[]="$ show proce/all"; /* any DCL command can go here */ $DESCRIPTOR (clicmd,cmd); main () { unsigned int rstatus; unsigned int compstatus; printf(" starting the spawn\n"); rstatus = lib$spawn ( &clicmd, 0, 0, 0, 0, 0, &compstatus ); printf("\n The spawn status is: %d \n",rstatus ); printf("\n The subprocess completion status is: %d \n",compstatus ); } ----------------------- If this program is compiled and link with /NOTRACEBACK, in can then be installed with privileges, say with /PRIVI=SYSPRV. Now, with the program install with say SYSPRV, non-prived user running this program will have Authorized privileges: NETMBX SYSPRV TMPMBX Process privileges: NETMBX may create network device TMPMBX may create temporary mailbox when used on OpenVMS VAX V6.2, V7.1 as well as on OpenVMS VAX V7.2. But if we use this very same program on Alpha, we see privileges just like above on V6.2 and V7.1. Unfortunately V7.2 seems to different, i.e. the spawned process sees Authorized privileges: NETMBX TMPMBX Process privileges: NETMBX may create network device TMPMBX may create temporary mailbox I guess this is another "feature" that crept into VMS V7.2 when those per-thread security features were added. Unfortunately the program that we actually use, is not ours hence we cannot modify the program. Of course we could give the necessary privileges to the users... Shall we soon see patch fixing this and other privilege related "features"?