Compilers generate object (executable) files from source code files. There are several utilities, libraries and objects used by compilers:
Compiler Languages:
C/C++
COBOL85
FORTRAN
NMC/NMCPLUS
NMCOBOL
Pascal
PTAL
SCOBOL
SQL*
TACL*
TAL
Utilities:
AXCEL*
BINDER*
CROSSREF*
Objects:
System libraries
Common run-time libraries
User libraries
The programs and utilities marked with an asterisk (*) are not covered in this section. Please refer to the appropriate Gazette section.
Compilers and their related utilities are resources whose security varies depending on the Corporate Security Policy concerning compilation on secure systems. Many sites control compilations by enforcing that all compilation be performed on a development system. Application change control policy governs the method and security to update the secure application.
Some sites do not use certain languages, but all sites use at least one language compiler for the secure application. Language compilation controls are a fundamental method that companies can use to control their application.
RISK Compilers can be destructive because code can be inserted or deleted to circumvent previously implemented controls.
RISK Language compilers might be used to develop test or hacking programs to access sensitive data.
AP-ADVICE-COMPS-01 On secure systems, languages that are not in active use should be secured from use and other language compilers should be accessible only to necessary personnel.
On secure systems, only members of the group (if any) responsible for compiling programs on the secure system should have access to secure object files.
AP-ADVICE-COMPS-02 To protect applications from inadvertent or malicious changes or outages, compilers and related utilities should be absent or very tightly locked down on secure systems.
AP-ADVICE-COMPS-03 On secure systems, compilers should not be accessible to prevent unauthorized access to secure data.
On development systems, members of the development group responsible for compiling programs should have access according to need.
AP-ADVICE-COMPS-04 Compilers and their associated files should be accessible to the groups needing access.
Access to the C language components is required for compilation. Securing the compiler object file controls the use of the language.
C Compiler Components:
C
CEXTDECS
CFRONT
CPREP
STD* C libraries starting with STD
BP-FILE-C-01 C should be secured "UUNU".
BP-OPSYS-OWNER-02 C should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 C must reside in $SYSTEM.SYSTEM.
BP-FILE-C-02 CFRONT should be secured "UUNU".
BP-OPSYS-OWNER-02 CFRONT should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 CFRONT must reside in $SYSTEM.SYSTEM.
BP-FILE-C-03 CPREP should be secured "UUNU".
BP-OPSYS-OWNER-02 CPREP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 CPREP must reside in $SYSTEM.SYSTEM.
BP-FILE-C-04 C libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to C object files only to users who require access in order to perform their jobs.
BP-SAFE-C-01 Add a Safeguard Protection Record to grant appropriate access to the C object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the C object file and associated libraries? | Fileinfo |
OPSYS-OWNER-02 | Who owns the CFRONT object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the CPREP object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the C compiler on the system? | Policy |
FILE-POLICY | Who is allowed to use the CPREP compiler on the system? | Policy |
FILE-C-01 SAFE-C-01 | Is the C object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-C-02 | Is the CFRONT object file secured correctly? | Fileinfo |
FILE-C-03 | Is the CPREP object file secured correctly? | Fileinfo |
FILE-C-04 | Are the C libraries secured correctly? | Fileinfo |
Access to the COBOL85 language components is required for compilation. Securing the compiler object file controls the use of the language.
COBOL85 Compiler Components:
COBOL85
COBOLEX0
COBOLEX1
COBOLEXT
COBOLFE
COBOLLIB
CLULIB
CBL85UTL
CBLIBEXT
BP-FILE-COBOL-01 COBOL85 should be secured "UUNU".
BP-OPSYS-OWNER-02 COBOL85 should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 COBOL85 must reside in $SYSTEM.SYSTEM.
BP-FILE-COBOL-02 COBOL85 libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to COBOL85 object files only to users who require access in order to perform their jobs.
BP-SAFE-COBOL-01 Add a Safeguard Protection Record to grant appropriate access to the COBOL85 object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the COBOL85 object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the COBOL85 compiler on the system? | Policy |
FILE-COBOL-01 | Is the COBOL85 object file correctly secured with Guardian or Safeguard? | Fileinfo Safecom |
FILE-COBOL-02 | Are the COBOL85 libraries secured correctly? | Fileinfo |
Access to the FORTRAN language components is required for compilation. Securing the compiler object file controls the use of the language.
FORTRAN Compiler Components:
FORTRAN
FORTLIB
FORTERRS
BP-FILE-FORTRAN-01 FORTRAN should be secured "UUNU".
BP-OPSYS-OWNER-02 FORTRAN should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 FORTRAN must reside in $SYSTEM.SYSTEM.
BP-FILE-FORTRAN-02 FORTRAN libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to FORTRAN object files only to users who require access in order to perform their jobs.
BP-SAFE-FORTRAN-01 Add a Safeguard Protection Record to grant appropriate access to the FORTRAN object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the FORTRAN object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the FORTRAN compiler on the system? | Policy |
FILE-FORTRAN-01 SAFE-FORTRAN-01 | Is the FORTRAN object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-FORTRAN-02 | Are the FORTRAN libraries secured correctly? | Fileinfo |
Access to the native mode C/C++ language components is required for compilation. Securing the compiler object file controls the use of the language.
NMC/C++ Compiler Components:
NMC
NMCPLUS
NMCMT
BP-FILE-NMC-01 NMC should be secured "UUNU".
BP-OPSYS-OWNER-02 NMC should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 NMC must reside in $SYSTEM.SYSTEM.
BP-FILE-NMC-02 NMCPLUS should be secured "UUNU".
BP-OPSYS-OWNER-02 NMCPLUS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 NMCPLUS must reside in $SYSTEM.SYSTEM.
BP-FILE-NMC-03 NMC/NMCPLUS libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to NMC/NMCPLUS object files only to users who require access in order to perform their jobs.
BP-SAFE-NMC-01 Add a Safeguard Protection Record to grant appropriate access to the NMC object files.
BP-SAFE-NMC-02 Add a Safeguard Protection Record to grant appropriate access to the NMCPLUS object files.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the NMC object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the NMCPLUS object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the NMC compiler on secure system? | Policy |
FILE-POLICY | Who is allowed to use the NMCPLUS compiler on the system? | Policy |
FILE-NMC-01 | Is the NMC object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-NMC-02 | Is the NMCPLUS object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-NMC-03 | Are the NMC libraries secured correctly? | Fileinfo |
Access to the native mode COBOL language components is required for compilation. Securing the compiler object file controls the use of the language.
NMCOBOL Compiler Components:
NMCOBOL
NMCOBEX0, NMCOBEX1, NMCOBEXT
BP-FILE-NMCOBOL-01 NMCOBOL should be secured "UUNU".
BP-OPSYS-OWNER-02 NMCOBOL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 NMCOBOL must reside in $SYSTEM.SYSTEM.
BP-FILE-NMCOBOL-02 NMCOBOL libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to NMCOBOL object files only to users who require access in order to perform their jobs.
BP-SAFE-NMCOBOL-01 Add a Safeguard Protection Record to grant appropriate access to the NMCOBOL object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the NMCOBOL object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the NMCOBOL compiler on the system? | Policy |
FILE-NMCOBOL-01 SAFE-NMCOBOL-01 | Is the NMCOBOL object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-NMCOBOL-02 | Are the NMCOBOL libraries secured correctly? | Fileinfo |
Access to the Pascal language components is required for compilation. Securing the compiler object file controls the use of the language.
Pascal Compiler Components:
Pascal
PASEXT
PASLIB
PASMONO
PASMSG
PASSQA
BP-FILE-PASCAL-01 Pascal should be secured "UUNU".
BP-OPSYS-OWNER-02 Pascal should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 Pascal must reside in $SYSTEM.SYSTEM.
BP-FILE-PASCAL-02 Pascal libraries should be secured "NUNU".
If available, use Safeguard or a third party object security product to grant access to Pascal object files only to users who require access in order to perform their jobs.
BP-SAFE-PASCAL-01 Add a Safeguard Protection Record to grant appropriate access to the Pascal object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the Pascal object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the Pascal compiler on the system? | Policy |
FILE- PASCAL-02 | Are the Pascal libraries secured correctly? | Fileinfo |
FILE- PASCAL-01 | Is the Pascal object file correctly secured with Guardian or Safeguard? | Fileinfo Safecom |
Access to the native TAL language components is required for compilation. Securing the compiler object file controls the use of the language.
PTAL Compiler Components:
PTAL
PTALCOM
BP-FILE-PTAL-01 PTAL should be secured "UUNU".
BP-OPSYS-OWNER-02 PTAL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 PTAL must reside in $SYSTEM.SYSTEM.
BP-FILE-PTAL-02 PTALCOM should be secured "UUNU".
BP-OPSYS-OWNER-02 PTALCOM should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 PTALCOM must reside in $SYSTEM.SYSTEM.
If available, use Safeguard software or a third party object security product to grant access to PTAL object files only to users who require access in order to perform their jobs.
BP-SAFE-PTAL-01 Add a Safeguard Protection Record to grant appropriate access to the PTAL object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the PTAL object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the PTALCOM object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the PTAL compiler on the system? | Policy |
FILE-PTAL-01 | Is the PTAL object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-PTAL-02 | Is the PTALCOM object file secured correctly? | Fileinfo |
Access to the SCOBOL language components is required for compilation. Securing the compiler object file controls the use of the language.
SCOBOL Compiler Components:
SCOBOLX
SCOBOLX2
BP-FILE-SCOBOL-01 SCOBOLX should be secured "UUNU".
BP-OPSYS-OWNER-02 SCOBOLX should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCOBOLX must reside in $SYSTEM.SYSTEM.
BP-FILE-SCOBOL-02 SCOBOLX2 should be secured "UUNU".
BP-OPSYS-OWNER-02 SCOBOLX2 should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCOBOLX2 must reside in $SYSTEM.SYSTEM.
If available, use Safeguard software or a third party object security product to grant access to SCOBOLX object files only to users who require access in order to perform their jobs.
BP-SAFE-SCOBOL-01 Add a Safeguard Protection Record to grant appropriate access to the SCOBOLX object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the SCOBOLX object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the SCOBOLX2 object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the SCOBOL compiler on the system? | Policy |
FILE-SCOBOL-01 | Is the SCOBOLX object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-SCOBOL-02 | Is the SCOBOLX2 object file secured correctly? | Fileinfo |
SQL compilation is discussed in the Gazette section on NonStop SQL.
Access to the TAL language components is required for compilation. Securing the compiler object file controls the use of the language.
TAL Compiler Components: TAL TALDECS
TALERROR
TALH
TALLIB
BP-FILE-TAL-01 TAL should be secured "UUNU".
BP-OPSYS-OWNER-02 TAL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 TAL must reside in $SYSTEM.SYSTEM.
BP-FILE-TAL-02 TAL libraries should be secured "NUNU".
If available, use Safeguard software or a third party object security product to grant access to TAL object files only to users who require access in order to perform their jobs.
BP-SAFE-TAL-01 Add a Safeguard Protection Record to grant appropriate access to the TAL object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-02 | Who owns the TAL object file? | Fileinfo |
FILE-POLICY | Who is allowed to use the TAL compiler on the system? | Policy |
FILE-TAL-01 | Is the TAL object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-TAL-02 | Are the TAL libraries secured correctly? | Fileinfo |
Related Topics
Securing Applications
BINDER
Libraries, SRLs & Common Routines