Re: Is it possible to use the value of the PROGRAM ID within the source code?

• Previous message: Chuck Stevens: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• In reply to: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Next in thread: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Reply: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 17 Jun 2004 10:15:17 -0700

"Robert Wagner" <robert.deletethis@wagner.net> wrote in message
news:40d0e65d.32860852@news.optonline.net...

> Silly me. I thought the hardware afforded protection independent of
language.
> Now you claim the language's 'hiding' features make the stack invisible to
> 'application code'.

EXIT, RETN, and the setting of the RCW on ENTR are independent of language.
The hardware scope rules and the D registers are independent of language.

> Obviously, we'll have to deny application programmers access to languages
that
> generate an EXIT or RETN, especially assembly language. That would be easy
on
> Unisys because there is no assembly language.

Application programs cause the compilers to generate EXIT, RETN, MKST and
ENTR all the time. What application programs cannot do is make use of raw
memory addresses, access other programs' stacks, or even access their own
stack as if it were data and "leapfrog" from there into a stack owned by
another process.

Moreover, precisely because memory *is* dynamically allocated, there is no
guarantee from one access to the next that a given piece of information will
be in the same physical location, so *raw* memory addresses are meaningless.

If you could decode a RCW or access the stack directly as if it were a
memory space, what would you do with that information, given that even that
space is protected by the scope rules?

> Tying programmers' hands is even worse security than 'information hiding'.

Users are welcome to write their own compilers. However, it is the compiler
author's responsibility to ensure that the code it generates is compatible
with all currently-supported machines, and there is no guarantee that a
given convention or approach to a process will survive for any period of
time. And if a user elects to change one of our compilers, any problem they
report in that language must be reproduced by them using, and reported
against, a released compiler; we do not support software that has been
locally patched.

Why is it necessary for a user program to have access to another process'
memory space without that process' direct involvement in the access? So
far as I know, very few, if any, actual *users* of this architecture have
found the mechanisms of memory management and the stack architecture
*restrictive*.

> > It doesn't, but it appears in IBM, Micro Focus, Fujitsu and others. In
other
> words, 98+% of available Cobol compilers.

Are we using the adolescent argument "But MOM!!!! Everybody who's *ANYbody*
has one!", eh? Or are we back to "What is or is not standards-compliant
COBOL has nothing to do with what the standards say, only with what I
perceive to be Admirable Practice!"?

Again, any Unisys MCP customer is welcome to file a New Feature Suggestion
against COBOL85 to request USAGE POINTER in that dialect. I daresay IBM,
Micro Focus, Fujitsu and others have incorporated it because *their*
customers have found it to be a useful feature. As far as ANSI X3.23-1985
COBOL goes, it is an extension, and in our case there has been so little
demand for this extension from our users -- that is to say, none -- and
there has been so little evidence that this feature would be of particular
benefit in the Unisys MCP environment -- none that I've seen so far, and a
lot of security risks -- that it isn't even on the list of such features for
consideration at this time.

    -Chuck Stevens

• Previous message: Chuck Stevens: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• In reply to: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Next in thread: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Reply: Robert Wagner: "Re: Is it possible to use the value of the PROGRAM ID within the source code?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]