Dear GreenHouse tool users,
some of you may believe - or be made to believe by so called experts - that $CMON is a quality security base of your NSK system which you can rely on. The bad news is, and always was: It never was and still is not!
$CMON became invented in the 197x time frame, when COMINT was the interactive interface into a Tandem system. Its intention was to have a kind of first level control over a user, e.g. to deny commands (such as ALTPRI), to control the start of a resource, or to translate command abbreviations into real commands (COMINT did not know about macros etc.).
The $CMON interface was carried forward with TACL.
Since SAFEGUARD exists - and that is since 1985 - there is no good reason for using $CMON left. Even the load balancing can easier and much more efficiently be accomplished by using the GreenHouse ShareWare product LAUNCHER.
And here are the reasons why $CMON is NOT a security base you can rely on:
- $CMON gets only involved from a standard TACL.
Even worse: A TACL object file can easily be manipulated in a way, that the $CMON interface is disabled, allowing a complete bypassing of measures provided by a running $CMON process. - GUARDIAN procedure calls used in applications other than TACL, such as
User_Authenticate_
AltPri
etc.
are NOT seen by $CMON at all!
This means: When you do not like to get $CMON involved in your activities - write your own small command interpreter - or use the tools explained below.
To demonstrate the weakness of $CMON, I have prepared a TACL object in a way, that it no longer talks to $CMON and bypasses all $CMON actions.