The CMKRNL privilege allows the user's process
to execute the Change Mode to Kernel ($CMKRNL) system service.
This system service lets a process change its
access mode to kernel mode, execute a specified routine, and then
return to the access mode that was in effect before the system service
was called. While in kernel mode, a process can enable any system
privilege.
A process holding both CMKRNL and SYSNAM can set
the system time.
Grant this privilege only to users who need to
execute privileged instructions or who need to gain access to the
most protected and sensitive data structures and functions of the
operating system. If unqualified users have unrestricted use of privileged
instructions and unrestricted access to sensitive data structures
and functions, the operating system and service to other users can
be easily disrupted. Such disruptions can include failure of the system,
destruction of all system and user data, and exposure of confidential
information.
The CMKRNL privilege lets a process perform the
following tasks:
| Task | Interface |
|---|
Modify
a multiprocessor operation | START/CPU, STOP/CPU |
Modify
systemwide RMS defaults | SET RMS/SYSTEM |
Suspend
a process in kernel mode | SET PROCESS/SUSPEND=KERNEL |
Modify
another process' rights list or its nondynamic identifier attributes | SET RIGHTS_LIST |
Grant
an identifier with modified attributes | SET RIGHTS/ATTRIBUTE |
Modify
the system rights list | SET RIGHTS_LIST/SYSTEM |
Change
a process UIC | SET
UIC |
Modify
the number of interlocked queue retries | $QIO request to an Ethernet 802 driver (DEBNA/NI) |
Connect
to a device interrupt vector | $QIO request to an interrupt vector (CONINTERR) |
Start
or modify a line in Genbyte mode | $QIO request to a synchronous communications line
(XGDRIVER) |
Set
the spin-wait time on the port command register | $QIO request to an Ethernet 802 driver
(DEBNA) |
Modify
a known image list | INSTALL |
Process
the following item codes: | SJC$_ACCOUNT_NAME item | | SJC$_UIC | | SJC$_USERNAME |
| Send
to Job Controller system service ($SNDJBC) |
Create
a detached process with unrestricted quotas | RUN/DETACHED, $CREPRC |
Examine the internals
of the running system | ANALYZE/SYSTEM |
