INSPECT Subsystem
INSPECT is an interactive symbolic debugger. It can be used to debug multiple programs at once. Developers specify debugging commands using the same identifiers used in the source code. Because the INSPECT debugger must find symbol tables in the object module to allow this feature, the compilers provide the symbol information to Binder at compile time.
INSPECT makes it possible to look at programs while they are running. It can stop and resume execution of the program selectively, helping a developer find out how the program is malfunctioning.
INSPECT can be used with C/C++, COBOL85, FORTRAN, Pascal, SCREEN COBOL, TAL, PTAL and native languages.
INSPECT can be used in the OSS environment. OSS Programs use the OSS Application interface while interactive users use the OSH shell as the command interpreter. Debugging support includes OSS file descriptors, signals and program IDs (PIDs).
RISK INSPECT provides a mechanism whereby running processes can be modified by human interaction.
AP-ADVICE-INSPECT-01 INSPECT is used extensively on a development system, but should rarely be used on a secure system. Therefore, the security requirements are vastly different.
RISK A user running INSPECT could capture sensitive data, userids, passwords, etc. as they are used internally in a program.
The INSPECT interactive symbolic debugger consists of the following components :
INSPECT
IMON Process pair
DMON Processes
INSPMSG
INSPEXT Customization Files
INSPSNAP
Saveabend Files
Visual Inspect software
INSPECT User Program
The INSPECT process provides the terminal interface to INSPECT. There is one INSPECT process for each terminal in use for debugging.
INSPECT should run as the user who invoked it.
IMON System Program
The IMON monitors the operation of INSPECT for an entire system. There is one IMON process pair for each system, named $IMON. The $IMON process pair is normally started as part of the standard system startup procedures.
IMON starts the DMON processes and INSPECT. IMON assumes that the object files for the DMON and INSPECT programs also reside in its subvolume.
RISK INSPECT cannot be started without a running $IMON process.
To stop the INSPECT subsystem, stop the IMON process using the name form of the TACL STOP command. Note that this will stop only the IMON processes, not the DMON processes. So once IMON is stopped, the DMON processes must be stopped individually.
DMON System Program
DMON processes provide the execution control facilities of INSPECT. There is one DMON process for each CPU on a system named $DMnn where the nn is the number of the CPU; i.e. $DM01.
IMON automatically starts the DMON processes, and restarts them if they abend or stop.
INSPECT Customization Files
INSPECT reads two files (INSPLOCL and INSPCSTM) before it issues its first prompt. This allows users to customize their INSPECT environment before entering any commands. Both of these files are standard INSPECT command OBEY files that contain ASCII text with valid INSPECT commands.
Unlike FUP, the INSPLOCL and INSPCSTM files are not automatically created by INSPECT.
INSPCSTM files are located on each user's default subvolume. Please refer to Gazette section on *CSTM Configuration Files.
The INSPLOCL file is generally used to run INSPECT environment commands for an INSPECT session.
The INSPLOCL file must reside in the current SYSnn; the INSPECT object file's subvolume. The file is 'shared' by all users. Whenever INSPECT is invoked, each command in the INSPLOCL file is executed. This enables the system administrator to configure a site-standard INSPECT environment.
When INSPECT is run on a remote node, the INSPLOCL in the SYSnn sub- volume on the remote node is used.
The INSPLOCL file should be treated like a System Configuration File and secured accordingly .
RISK If the security of the INSPLOCL file grants a user other than the owner WRITE or PURGE access, they could modify the file or PURGE it and replace it with a new one.
INSPSNAP
The Inspect Process Snapshot Server (INSPSNAP) creates process snapshot files, also known as save files. INSPSNAP saves information from privileged data segments in save files for processes that run with the SUPER ID (255,255).
INSPECT SAVEABEND Files
When INSPECT creates a save file for a process abend, the disk file code is 130. These files are created in the subvolume where the program file resides. The file name is of the form ZZSA<nnnn>.
VISUAL INSPECT SOFTWARE
HP Visual Inspect software is an optional GUI component for inspecting object code. The server components for Visual Inspect software are:
INSPBRKR
INSPRULE
INSPSVR
INSPSMSG
RISK If Visual Inspect software is activated, risks detailed in this section are expanded to the PC user.
AP-ADVICE-INSPECT-02 Unless necessary, secure the Visual Inspect server components for limited access.
INSPECT and Pathway
Pathway provides execution controls to the inspect interface for Pathway applications. The Pathway configuration must include SET TCP INSPECT ON command to inspect a requestor and SET SERVER DEBUG ON to inspect a server.
RISK SET TCP INSPECT ON should not be the default for secure Pathway application requestors or INSPECT can be used.
RISK SET SERVER DEBUG ON should not be the default for secure Pathway application servers or INSPECT can be used.
Securing INSPECT Components
BP-PROCESS-IMON-01 $IMON process should be running.
BP-FILE-INSPECT-01 IMON should be secured "UUCU".
BP-OPSYS-OWNER-01 IMON should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 IMON must reside in $SYSTEM.SYSnn.
BP-PROCESS-DMON-01 $DM<nn> processes should be running.
BP-FILE-INSPECT-02 DMON should be secured "UUCU".
BP-OPSYS-OWNER-01 DMON should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 DMON must reside in $SYSTEM.SYSnn.
BP-FILE-INSPECT-03 INSPECT should be secured "UUNU".
BP-OPSYS-OWNER-01 INSPECT should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 INSPECT must reside in $SYSTEM.SYSnn.
BP-FILE-INSPECT-04 INSPMSG should be secured "NUNU".
BP-OPSYS-OWNER-01 INSPMSG should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 INSPMSG must reside in $SYSTEM.SYSnn.
BP-PROCESS-INSPSNAP-01 $ZSSnn processes should be running.
BP-FILE-INSPECT-05 INSPSNAP should be secured "UUNU".
BP-OPSYS-OWNER-01 INSPSNAP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 INSPSNAP must reside in $SYSTEM.SYSnn.
BP-FILE-INSPECT-06 INSPLOCL should be secured "NUNU".
BP-OPSYS-OWNER-01 INSPLOCL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 INSPLOCL must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third party object security product to grant access to INSPECT object files only to users who require access in order to perform their jobs.
BP-SAFE-INSPECT-01 Add a Safeguard Protection Record to grant appropriate access to the IMON object file.
BP-SAFE-INSPECT-02 Add a Safeguard Protection Record to grant appropriate access to the INSPECT object file.
INSPECT Commands With Security Implications
This section lists only the INSPECT commands which pose security risks.
SET PRIV MODE Enables INSPECT operations requiring privileged system access.
The user must be logged on as SUPER.SUPER to use the SET PRIV MODE command.
M Modifies data and registers
3P-ACCESS-INSPECT-01 If a third party access control product is used to grant access to INSPECT running as an application owner or other privileged userid , these commands may need to be restricted for certain users.
| Discovery Questions | Look here: | |
|---|---|---|
| PROCESS-IMON-01 | Is the $IMON process running? | Status |
| PROCESS-DMON-01 | Are the $DMnn processes running? | Status |
| PROCESS-INSPSNAP-01 | Are the $ZSSnn process running? | Status |
| OPSYS-OWNER-01 | Who owns the IMON file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the DMON file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the INSPECT object file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the INSPMSG file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the INSPSNAP file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the INSPLOCL file? | Fileinfo |
| FILE-INSPECT-01 | Is the IMON object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
| FILE-INSPECT-02 | Is the DMON object file secured correctly? | Fileinfo |
| FILE-POLICY | Who is allowed to execute INSPECT on the system? | Policy |
| FILE-POLICY | Is Visual Inspect used by PC users? | Policy |
| FILE-INSPECT-03 | Is the INSPECT object file correctly secured with Guardian or Safeguard? | Fileinfo Safecom |
| FILE-INSPECT-04 | Is the INSPMSG file secured correctly? | Fileinfo |
| FILE-INSPECT-05 | Is the INSPSNAP object file secured correctly? | Fileinfo |
| FILE-INSPECT-06 | Is the INSPLOCL file secured correctly? | Fileinfo |
Related Topics
Compilers
Securing Applications
