Files to Protect

A number of files that contain system software, such as compilers and support libraries, might be misused to compromise security. Other files that can contain sensitive information are created in the daily operation of the system. Examples of such files include program dumps, memory dumps, and audit logs.

System Files

In all cases, actively protect the files discussed in the following paragraphs. Protect these files with guard files that restrict execution of the files to trusted persons or programs.

SYSTEM/DCALGOL

DCALGOL includes constructs for implementing and controlling a data communications environment. Because of the power of the DCALGOL language, a user could use it to bypass some system security features. For example, the DCKEYIN statement can send ODT messages to the MCP. Only privileged users or processes can use such constructs. However, it is advisable to grant access to SYSTEM/DCALGOL only to trusted users.

SYSTEM/DMALGOL

DMALGOL includes constructs for implementing and controlling database systems.

SYSTEM/NEWP

NEWP is a language designed for implementing master control programs (MCPs). As such, NEWP permits the writing of code that can alter fundamental system operations.

SYSTEM/INFOGUARDSUPPORT

Note: This discussion applies only to systems using the Secure Access Control Module security enhancements.

The support library SYSTEM/INFOGUARDSUPPORT provides many of the Secure Access Control Module enhancements, such as tape volume security.

SYSTEM/INFOGUARDSUPPORT contains the routine used to generate new passwords if the system security option PASSWORDMGMT has the value GENERATED. If you remove this file, the system will deny access to this feature.

SYSTEM/SDASUPPORT

This file is the System Data Access (SDA) support library, which controls access to the SYSTEM/SUMLOG. For information about protecting this library, see “Controlling Access to the SDASUPPORT Support Library”.

SYSTEM/DATACOMINFO

SYSTEM/DATACOMINFO is the file initially used to define the data comm configuration. Access to the file could enable a user to alter this configuration.

SYSTEM/TRAINTABLES

SYSTEM/TRAINTABLES defines the relationship between characters sent to the printing subsystem and the characters printed on system printers. By altering SYSTEM/TRAINTABLES, a user could scramble the information printed on listings.

SYSTEM/USERDATAFILE

This file contains entries identifying usercodes permitted to access the system and attributes for those usercodes, such as privileged status. For information about protecting SYSTEM/USERDATAFILE, see the System Software Utilities Operations Reference Manual.

Other Files

The following files are generally created by nonusercoded processes. When the security option NONUSERFILES has the value PUBLIC, files created by nonusercoded processes are public by default. In this case, take steps to protect these files.

One way to protect these files is to set the NONUSERFILES option to PRIVATE. The value of the SECURITYTYPE attribute then defaults to PRIVATE for all files created by nonusercoded processes. Files that were public before NONUSERFILES = PRIVATE was designated remain public files; they are not made private retroactively. Action must be taken to protect such files.
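The following audit sketch is an added example, not part of the original documentation or of any MCP utility. It shows how to find the nonusercoded files that remain public after NONUSERFILES is set to PRIVATE. The CSV inventory format, its column names, the sample file names, and the change date are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed inventory (not the output of any MCP utility). An empty
# usercode column marks a file created by a nonusercoded process.
SAMPLE_INVENTORY = """name,usercode,securitytype,created
JOBDESC,,PUBLIC,2024-01-10
CP/PAYROLL,,PUBLIC,2024-02-02
BADDISK/PACK1,,PRIVATE,2024-03-20
CP/LEDGER,,PRIVATE,2024-03-18
CP/BILLING,,PUBLIC,2024-03-25
REPORTS/MONTHLY,OPS,PUBLIC,2024-01-05
"""


def audit_nonuser_files(inventory_csv, private_since):
    """Return (name, finding) for every nonusercoded file that is still PUBLIC.

    private_since is the date NONUSERFILES was set to PRIVATE (assumed known).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["usercode"].strip():
            continue  # usercoded files are outside the NONUSERFILES default
        if row["securitytype"].strip().upper() != "PUBLIC":
            continue
        created = date.fromisoformat(row["created"].strip())
        if created < private_since:
            # Predates the change: the option did not make it private.
            finding = "residual public file, predates NONUSERFILES = PRIVATE"
        else:
            # The default was PRIVATE at creation, so it was set PUBLIC explicitly.
            finding = "public despite PRIVATE default, set explicitly"
        findings.append((row["name"], finding))
    return findings


if __name__ == "__main__":
    for name, finding in audit_nonuser_files(SAMPLE_INVENTORY, date(2024, 3, 1)):
        print(f"{name}: {finding}")
```

Files in the first category need their security changed by hand; files in the second deserve a review of who made them public and why.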

JOBDESC

The JOBDESC file contains information on all the active and scheduled jobs.

Dump Files

These files, such as *DP files, are created by a memory dump, and they contain the complete contents of system memory at the time the dump occurred. When such files are written to tape, either by TAPEDUMP or DUMPDISKMASTER, they should be written to tapes that are protected.

The program used to analyze dumps—SYSTEM/DUMPANALYZER—is not privileged, so it does not enable unauthorized access to dump files that are protected as just suggested.

By setting the system security option PROGDUMPFILTER to TRUE, you limit nonprivileged users' views of program dumps to the contents of their own data. For more information, see the PROGDUMPFILTER option in SECOPT Option Purposes.

BADDISK/<name>

Files with names of this form are files of bad disk areas, and they should not be accessed.

CP/<name>

Files with names of this form are created as the result of an ALGOL CHECKPOINT statement, and they contain information about the program in which the checkpoints occurred. Some of this information might be sensitive.

Printer Backup Files

If NONUSERFILES is PUBLIC, all printer backup files are created as public files by default. To protect these files, either make NONUSERFILES equal to PRIVATE or make the value of the system security option USERCODEDBACKUP equal to TRUE. In the second case, all printer backup files will have associated with them the usercode of the user or process that created them. Such files are private by default.

TADS-Capable Programs

When a source file is compiled successfully with the TADS option specified, a TADS-capable program results. Such a program includes special debugging code and tables as part of the object code file. Because of the capabilities of some of these debugging features, TADS-capable code files should not be made privileged programs, support libraries, or compilers.

Specifically, do not make a TADS-capable code file the object of either of the following system commands:

  • MP (Mark Program) with the PU and COMPILER options

  • SL (Support Library)