develooper Front page | perl.vmsperl | Postings from January 2002

Re: Privileges won't let me "opendir"?

Thread Previous | Thread Next
From:
PPrymmer
Date:
January 29, 2002 13:47
Subject:
Re: Privileges won't let me "opendir"?
Message ID:
OF6391036C.A7292EFC-ON85256B50.0076BF3D@55.25.11

Yes there seems may be a bug in interpreting non SS$_NORMAL returns
from vms.c:cando_by_name() that I have seen in perl 5.005_02 as well
(my test case was not a PRIV problem though).

It might be worthwhile considering some ACL tests in test.com (or were we
supposed to get rid of that procedure?).

Peter Prymmer



                                                                                                                         
                      Tom Edelson                                                                                        
                      <Tom.Edelson@sas         To:      "'vmsperl@perl.org'" <vmsperl@perl.org>                          
                      .com>                    cc:                                                                       
                                                                                                                         
                      01/29/2002 04:05         Subject: Privileges won't let me "opendir"?                               
                      PM                                                                                                 
                                                                                                                         
                                                                                                                         



The following seems like a bug to me, but maybe I'm missing something ...

The built-in "opendir" function doesn't seem to follow normal VMS security
rules.  In particular, if I have access to a directory, but only because I
have privileges turned on, I think opendir should succeed, but it doesn't.


  $ perl -v

  This is perl, v5.6.1 built for VMS_AXP
  [...]

With no access in the directory's security profile, and no privileges,
naturally I can't read the directory through DCL and opendir doesn't work
either:

  $ DIR /SEC TEMP.DIR

  Directory $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH]

  TEMP.DIR;1           [SYSTEM]                         (RWE,RWE,RE,)
  Total of 1 file.

  $ SET PROCESS /PRIVILEGE=(NOALL,NETMBX,TMPMBX)

  $ DIR [.TEMP]
  %DIRECT-E-OPENIN, error opening $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH.TEMP]*.
*;* as input
  -RMS-E-PRV, insufficient privilege or file protection violation

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <>

If I give myself BYPASS privilege, now I can read the directory through
DCL, but opendir still doesn't work:

  $ SET PROCESS /PRIVILEGE=BYPASS

  $ DIR [.TEMP]

  Directory $1$DUA330:[HOSTVAX.TOEDEL.SCRATCH.TEMP]

  FOO.TXT;1

  Total of 1 file.

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <>

Now if I change the protection on the directory so that the world can read
it, then opendir does work:

  $ SET SECURITY /PROTECTION=W:RE TEMP.DIR

  $ perl -e "print ""<"", opendir ($dh, ""[.temp]""), "">"" "
  <1>

This is not good news when you're writing an installation program, whose
users generally have privileges, and may have some of the accesses that
they need only through privileges.

I suppose I could work around it by explicitly [and temporarily] giving
myself access to the directory from within the program.  Anybody happen to
know if there's a way to do this other than invoking DCL from Perl, e.g.
with "system()"?

Thanks.

/            Tom Edelson
             VMS Release Engineering
             SAS Institute, Inc.
             Tom.Edelson@sas.com
Thread Previous | Thread Next

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About