ID | Discovery Questions | Look here
OPSYS-OWNER-01 | Who owns the LTILT object file? | Fileinfo
OPSYS-OWNER-01 | Who owns the VTILT object file? | Fileinfo
OPSYS-OWNER-01 | Who owns the ZTILT object file? | Fileinfo
OPSYS-OWNER-01 | Who owns the $SYSTEM.Z*SRL SRL files? | Fileinfo
OPSYS-LICENSE-01 | Is the LTILT object file licensed? | Fileinfo
FILE-POLICY | Are private SRLs used on the system? | Policy
FILE-POLICY | Who is allowed to maintain private SRLs on the system? | Policy
FILE-LTILT-01 | Is the LTILT object file secured correctly? | Fileinfo
FILE-VTILT-01 | Is the VTILT object file secured correctly? | Fileinfo
FILE-ZTILT-01 | Is the ZTILT object file secured correctly? | Fileinfo
FILE-SRLS-01 | Are the $SYSTEM.Z*SRL SRL files secured correctly? | Fileinfo
Related Topics
Compilers
Securing applications
Operating system
Licensed Files
Operations reserved for Guardian are called privileged operations. They control access to hardware and software resources. The operating system needs some privileged programs.
Guardian prevents application programs and users from directly performing privileged operations. Applications must ‘ask’ the operating system to perform privileged operations rather than performing them themselves; this is done with Guardian procedure calls.
Programs running in the privileged mode have complete access to operating system tables and can execute privileged instructions and procedures. Only SUPER.SUPER can execute these programs if they are unlicensed. However, programs containing privileged code can be licensed to enable someone other than SUPER.SUPER to execute them.
Generally, only HP system code should be licensed, but licensing also allows applications to run privileged programs, while preventing users from running unauthorized privileged programs.
Certain third party products may need to license certain of their programs or library files. The necessary documentation should be provided by the vendor.
RISK Licensing a program has the effect of giving it the privileges of the SUPER.SUPER user. Privileged operations in the program can bypass any ordinary security interface (such as authentication of userids and memory-management protection).
RISK Licensing can allow a program to execute ordinary instructions but using privileged addressing modes that allow references to system global (SG) data space.
RISK Licensing a program that uses privileged operations can seriously compromise both system integrity and security, by granting the program access into system spaces that provide the opportunity to alter system tables and data.
RISK Data and information can be gathered and/or modified anywhere in the system. Execution of privileged instructions can directly access the interprocessor bus and I/O devices. A licensed program has the potential to change its PAID in the process control block in order to gain the privileges of other users (including SUPER.SUPER) and then browse and change files or directly manipulate physical hardware resources.
RISK A licensed program has the potential to bypass any ordinary security interface (such as authentication of userids and memory-management protection).
RISK If an intruder’s program is licensed, the intruder can execute procedures that have either the PRIV or CALLABLE attribute, making the program capable of modifying protected memory areas, including its own or other programs’ instructions and data, without leaving evidence of the change.
Securing LICENSED Files
Monitoring the licensed programs on the system is fundamental to the Corporate Security Policy. There are four phases necessary to ensure that the system is not vulnerable to unauthorized licensed programs or unauthorized use of approved licensed programs.
Documentation and authorizing of all licensed programs
Securing licensed files
Controlling the license command
Scheduled review for unauthorized licensed programs
Documentation and Authorization of Licensed Programs
AP-ADVICE-LICENSED-01 Creating in-house licensed programs is not recommended. Licensed programs require review with each new HP operating system release. If in-house licensed programs are used, stringent auditing controls should be performed as described below.
Creating and adhering to procedures to review and document all requests to
LICENSE programs is basic to sound security.
The company’s HP NonStop server security procedures should include the following instructions for managing license requests for in-house user-written programs.
1. The request for license should include a full explanation of the program’s purpose and a justification of the use of privileged procedures.
2. The system manager or a trusted programmer must review the source code. The
reviewer should look for possible security violations wherever the program:
Changes operating system control blocks
Changes the PAID (especially to 255,255) or effective userid
3. Management must approve the licensing in writing with approved signature(s).
4. To assure that the source code matches the actual object program, the system
manager, not the developer, should compile and bind the final program.
5. The program must be tested to ensure that it does not perform or allow any actions that would be considered security violations. This test is usually performed by the Security staff.
6. The above document should be maintained in a file for future reference by
auditors.
7. Requests for licensing user programs may be allowed if the following conditions
are met:
a) The function is legitimate and necessary.
b) The function cannot be achieved using non-privileged programming
techniques.
8. Secure LICENSED programs so that only authorized users can execute them.