HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 5 Descriptions of Object Classes

Global Sections

OpenVMS memory management services allow processes to communicate through shared memory pages called global sections. Using global sections, two or more processes can map the same page into their individual virtual address spaces, thereby sharing the same page of code or data.

A global section can provide access to a disk file (called a file-backed global section), provide access to dynamically created storage (called a page file-backed global section), or provide access to specific physical memory (called a page frame number [PFN] global section). A global section object may be either temporary or permanent.

The operating system supports two types of global section objects:

  • Group global sections are shareable memory sections potentially available to all processes in the same group.

  • System global sections are shareable memory sections potentially available to all processes in the system.

Naming Rules

The name of the object is a string of 1 to 44 characters. For group global sections, the name is qualified by your UIC group number.

Types of Access

The global section class supports the following types of access:

Read

Gives you the right to map the section for read access.

Write

Gives you the right to map the section for write access.

Execute

Gives you the right to map the section for read access. Only software running in executive or kernel mode can request this access.

Control

Gives you the right to modify the protection elements of PFN global sections and page file-backed global sections.

Template Profile

File-backed global sections share the security profile of the associated disk file. Whenever the profile of the backing file is modified, the global section's profile automatically changes. To modify the protection elements of file-backed global sections, you must modify the backing file instead.

The global section class provides the following template profiles. Although the template assigns an owner UIC of [0,0], this value is only temporary. As soon as the object is created, the operating system replaces a 0 value with the value in the corresponding field of the creating process's UIC.

Type Template Name Owner UIC Protection Code

System

DEFAULT

[0,0]

S:RWE,O:RWE,G:RWE,W:RWE

Group

DEFAULT

[0,0]

S:RWE,O:RWE,G:RWE,W:RWE

The operating system modifies the templates according to the values provided in the prot argument to $CRMPSC. The prot argument is ignored for file-backed sections.

To maintain compatibility with earlier versions of the operating system, the DEFAULT templates have protection codes allowing world access. Some applications may need a more restrictive default than the templates provide. If you do choose to restrict global section access, be aware that the more restrictive access can cause applications to fail in ways that are difficult to diagnose.

Privilege Requirements

The SYSGBL privilege is required to create or delete a system global section. The PFNMAP privilege is necessary to create or delete a page frame section, and the PRMGBL privilege is required to create or delete a permanent global section.

Kinds of Auditing Performed

The following types of events can be audited, provided the security administrator enables auditing for the appropriate event class:

Event Audited When Audit Occurs

Creation

When a page file-backed or a PFN global section is created by the Create and Map Section system service ($CRMPSC).

Access

When an existing page file-backed or a PFN global section is accessed with either $CRMPSC or the Map Global Section system service ($MGBLSC). The operating system audits access to a file-backed global section as a file access.

Deaccess

At image or process rundown when the process virtual address space is reset or deleted.

Deletion

If a process with PRMGBL privilege, PFNMAP privilege, or SYSGBL privilege (in the case of a system global section) deletes a permanent global section, the operating system audits the event through the use of privilege.

Permanence of the Object

A global section and its security profile need to be reset after every system boot.