Well if it wasn't well known it is now.
----- Original Message -----
From: "Stevenson, Charles" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, December 15, 2005 9:38 AM
Subject: RE: [U2] global catdir question - security hole
It is a security hole, well-known and by design.
From: john reid
I notice that an ls -lt in the u1 /uv /catdir directory
indicates that the *PROGRAM.NAME is updated apparently each
time an execution happens, at least that is what it looks
like to me. Anyone know if or why that is happening?
Every time a globally catalogued program is executed, a counter is
incremented.
Run MAKE.MAP.FILE then look at the REF attribute <3> in &MAP& to see the
counter.
A simple "MAP" command displays it.
This means that catdir files are writeable by all and a sneaky
programmer can slip a nasty version of a program into catdir.
I do not understand why Universe insists on keeping that counter buried
in the object file.
Why not just use a simple companion "catdir-ref" file or dir for the
counter? It sounds more efficient, too.
cds
-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/
