09/21/87 message_segments Known errors in the current release of message_segments. # Associated TR's Description 0029 none mseg_mbx_ms_gate_target_ has mseg_check_access_ check for proper ACL entries to send a wakeup (based upon target mailbox ACL modes) and audit the result of this check. Then mseg_mbx_ms_gate_target_ completes wakeup checking by examining AIM restrictions on sending a wakeup to the target process (one which is accepting wakeups on the target mailbox). This AIM check is not audited--thus auditing of sending wakeups is based only upon ACLs and not ACLs+AIM, so the audit message produced is sometimes incorrect (success rather than failure). 0018 The program mseg_mbx_ms_gate_target_ can return random ring 1 stack garbage to the user ring if a *_own_* call returns error_table_$no_message. 0016 There's a bug in mailbox_$wakeup_add_index and mailbox_$wakeup_aim_add_index which will cause these programs to fail to return the ID of the message added if, at the same time, they will also return an error indication (e.g., messags deferred). This bug will cause the functional tests to fail as one of the test cases for MAC must check that a message is added and error_table_$no_info is returned at the same time. 0014 The message segment primitives try to audit object that they can't see the existence of. When a user passes a pathname including an AIM upgraded directory, or the pathname of a mailbox whose ACL is corrupted so as to deny access to the user in ring 1, the message segment primitives get error_table_$incorrect_access back when they try to list access information for the segment. They then turn around and feed the same pathname back in to the auditing entrypoints of admin_gate_. These try to use dc_find to find the actual object, but fail (due to the same lack of access) entering nasty messages into the syserr log. There are two approaches to this. One would be to use privileged paths in ring 0 for auditing, so that a ring 1 program could audit an operation with respect to a completely inaccessible object. This is hard, and probably wrong. The second is to for ring 1 to notice the error code that means that the user cannot, and has not, even discovered if the object exists. In this case, it can audit the character pathname without any information. Also, note that ring zero has already audited the access failure. The admin_gate_ entry that suppresses audit only suppresses GRANT audits. ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved