10.0;subs (subsystem), revision 1.0, 88/01/21
subs (subsystem) -- Set or display subsystem attributes.
usage: subs object [subs_name] [-data]
[-mgr]
[-l] [-up | -down]
[-br]
DESCRIPTION
subs is used to set or show protected subsystem attributes. When setting
subsystem attributes, you must be running in that subsystem.
ARGUMENTS
object (required)
Specify pathname of an object. The function of the object
(either a protected file or a managing program) is
determined by options described below.
subs_name (optional)
Specify name of a subsystem. The shell searches the
directory /sys/subsys for the specified subsystem. If you
specify this argument, the attributes of the named
subsystem are set as directed by the options described
below.
Default if omitted: display attributes of object
OPTIONS
-data Set or display the name of the subsystem that manages
object.
-mgr Set or display the name of the subsystem for which object
is a manager. Object must be an executable file (a
program).
-up Increase the privilege level of a process running in a
subsystem so that it can directly access the objects it
owns. This option is meaningful only when running
inprocess (the environment variable INPROCESS is set to
"true").
-down Decrease the privilege level of a process; opposite of
-up. This option is meaningful only when running
inprocess (the environment variable INPROCESS is set to
"true").
-l List subsytem attributes and/or manager fields. This is
the default action if subs_name is not specified.
-br Display only the name of the subsystem. Not valid if
attributes are being set.
EXAMPLES
The following example illustrates the use of protected subsystems. First
we show a Pascal source program written to manage the subsystem. (The
calls issued to /sys/ins/aclm.ins.pas to enable proper subsystem ACL
checking are documented in the Domain/OS Call Reference.) Following that
is a shell script that installs the subsystem using the crsubs, ensubs,
and subs commands. Pascal Source Manager
{ pse --- protected subsystems example program }
{ usage: pse pse_file out_file
where:
pse_file protected object owned by 'ps_example' subsystem
out_file output file
The 'pse' program is used to extract the protected data from
objects owned by the 'ps_example' subsystem and put them in an
output file. As a trivial example, the protected data has
a sequence number in the first 8 columns of each line, which
is not logically part of the data, but which can be imagined
to be important to the integrity of the data. Extracting the
data removes the sequence number and copies the rest of the
line to the output file. If this were a real application, it
might also format and/or select the data sent to the output file.
}
program pse;
%include '/us/sys/ins/base.ins.pas';
%include '/us/sys/ins/streams.ins.pas';
%include '/us/sys/ins/aclm.ins.pas';
%include '/us/sys/ins/pgm.ins.pas';
%include '/us/sys/ins/error.ins.pas';
type
buf_t = array[1..128] of char;
var
istrid: stream_$id_t; { input stream id }
ostrid: stream_$id_t; { output stream id }
arg: name_$pname_t; { command line argument }
alen: integer; { length of command line argument }
st: status_$t; { status code }
sk: stream_$sk_t; { stream seek key }
buf: buf_t; { i/o buffer }
bp: ^buf_t; { pointer to same }
blen: integer32; { length of i/o buffer }
begin
{ get input file name }
alen := pgm_$get_arg(1, arg, st, sizeof(arg));
if (st.code <> 0) then begin
writeln('input file name missing.');
error_$print(st);
pgm_$set_severity(pgm_$error);
pgm_$exit
end;
{ open input file; must increase privilege to access
my own protected file... }
aclm_$up; { get more privilege }
stream_$open(arg, alen, stream_$read,
stream_$no_conc_write, istrid, st);
aclm_$down; { decrease privilege }
if (st.code <> 0) then begin
writeln('Can''t open input file.');
error_$print_name(st, arg, alen);
pgm_$set_severity(pgm_$error);
pgm_$exit
end;
{ get output file name }
alen := pgm_$get_arg(2, arg, st, sizeof(arg));
if (st.code <> 0) then begin
writeln('output file name missing.');
error_$print(st);
pgm_$set_severity(pgm_$error);
pgm_$exit
end;
{ create output file; DO NOT increase privilege: it would
be an error to write on one of my own protected objects
here -- I want an ordinary file }
stream_$create(arg, alen, stream_$overwrite,
stream_$no_conc_write, ostrid, st);
if (st.code <> 0) then begin
writeln('Can''t create output file.');
error_$print_name(st, arg, alen);
pgm_$set_severity(pgm_$error);
pgm_$exit
end;
{ now just copy the file... a real program would be more
complicated here. }
repeat
{ read a record... }
aclm_$up;
stream_$get_rec(istrid, addr(buf), 128, bp, blen, sk, st);
aclm_$down;
if st.code <> 0 then { error or EOF }
exit;
{ write a record, stripping off the sequence number.
Notice I did NOT make a check to see that the length
of the record was greater than 8 characters... I am
confident that the rest of the subsystem correctly
maintains sequence numbers, and that the protected
subsystem mechanism makes sure that only the subsystem
can operate on the data. }
stream_$put_rec(ostrid, addr(bp^[9]), blen-8, sk, st);
until st.code <> 0;
{ check that we stopped because of EOF }
if (st.subsys = stream_$subs) and then
(st.code = stream_$end_of_file) then
pgm_$exit;
{ not EOF --- a real error of some sort, then }
writeln('i/o error: ');
error_$print(st);
pgm_$set_severity(pgm_$error);
pgm_$exit
end.
Shell Script
#!/com/sh
# create a protected subsystem
crsubs ps_example
# create some data to be protected -- normally a sp
# operation would be used that guarantees data integ
catf >ps_data <<!
12345678this is some protected data
12345679next record of protected data
!
ensubs ps_example -v <<!
# enter the new subsystem in a shell
INPROCESS := true
export INPROCESS
subs -up
subs pse ps_example -mgr
# make pse a manager of 'ps_example'
subs ps_data ps_example -data
# protect the data
edacl ps_data -p none -ignore -g none -ignore -o none -ignore -w -
# now can only get at data from within
cpf ps_data ps_data2 -subs
# make a copy of the data
subs -down
!
pse ps_data out_file
# run pse to extract the protected data
catf out_file
# see the protected data
# now see how it fails if I try
#to make the output file a
# protected object of the 'ps_example'
#subsystem...
pse ps_data ps_data2
# try to clobber ps_data2
SEE ALSO
More information is available. Type
help protection protected_subs
For a detailed description of protected subsystems
help crsubs For details about creating a protected subsystem
help ensubs For details about entering a protected subsystem
help xsubs For details about executing a shell script as a subsystem
manager