skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System Security HP OpenVMS Guide to System Security
go to beginning of part: Security for the System Administrator Security for the System Administrator
go to beginning of chapter: Using Protected Subsystems Using Protected Subsystems
go to previous page: How Protected Subsystems Work How Protected Subsystems Work
go to next page: System Management RequirementsSystem Management Requirements
end of book navigation links

Design Considerations  



Someone developing an application for a protected subsystem must link the application images without the /DEBUG or /TRACEBACK qualifiers.

Although this kind of subsystem often precludes the need for privilege, applications can be installed with privilege. For example, some applications may need the PRMGBL privilege to create permanent global sections, or they may need the AUDIT privilege to send security audit records to the system security audit log file. HP does discourage the installation of a protected subsystem application with privileges in the All category. This category includes such privileges as BYPASS, CMKRNL, and SYSPRV---privileges that allow a user to subvert OpenVMS access controls. See OpenVMS Privileges for a list of OpenVMS privileges and Assigning Privileges for a description of the privileges.

Subsystem designers need to generate a list of identifiers that are necessary for it to operate as intended. Then the designers approach you, as the security administrator, to make the preparations described in System Management Requirements.

go to previous page: How Protected Subsystems Work How Protected Subsystems Work
go to next page: System Management RequirementsSystem Management Requirements