Running Presentation Manager Programs from the Privileged Command File

IP.com Disclosure Number: IPCOM000105560D
Original Publication Date: 1993-Aug-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 2 page(s) / 73K

Publishing Venue

IBM

Related People

Li, CM: AUTHOR [+2]

Abstract

Disclosed are changes to the IBM OS/2 LAN Server 2.0*, Advanced Server package. The Advanced Server includes a feature called Local Security. Local Security uses a "secure shell" program, in conjunction with the 386 HPFS file system, to provide an environment where file accesses by local programs are subjected to privilege and access checking, just as is done by the server for accesses by remote programs on client machines.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      Local programs can be started as "privileged" programs,
excluding them from access checking.  An invention was needed for LAN
Server 2.0 to allow Presentation Manager* (PM) programs to be started
privileged.

      Some of IBM OS/2 LAN Server 2.0's components used licensed
source code as a baseline.  That source code also makes up
Microsoft's LAN Manager 2.0** product (LANMAN 2.0).  The secure shell
(SECURESH.EXE) and 386 HPFS file system are two such components.  The
original SECURESH.EXE and 386 HPFS source, as licensed from Microsoft
and shipped in LANMAN 2.0, did not permit PM programs to be started
privileged.

      SECURESH.EXE is installed as the shell program spawned during
the boot sequence, as specified by the PROTSHELL= line in CONFIG.SYS.
Since SECURESH.EXE is itself privileged, any program it spawns
inherits privilege.  SECURESH.EXE starts all programs listed in the
"privileged command file" (which is normally PRIVINIT.CMD) as
privileged programs.  Lastly, SECURESH.EXE removes its privilege and
spawns the Presentation Manager Shell, PMSHELL.EXE.

      As shown by the following flow diagram, the LANMAN 2.0 version
of SECURESH.EXE starts PRIVINIT.CMD in the background before
PMSHELL.EXE starts the Presentation Manager.  Presentation Manager
programs can't be started successfully since the command file is
executing in the background, before PM is initialized.  Note that
outputs are piped to a log file; therefore, outputs are not visible
to users as the command file is executed.

          Workstation is started
                      |
                      V
          CONFIG.SYS is processed; RUN= programs are privileged
                      |
                      V
          SECURESH.EXE is started; it enables 386 HPFS local security
                      |
                      V
          ...