[HECnet] Tops-20 ANONYMOUS FAL Preliminary Testing Results/DAP Query

Thomas DeBellis tommytimesharing at gmail.com
Fri Dec 20 16:07:44 PST 2019 

Yes, Unix' ls does have its unique ideas...  I was forced to implement 
some of them as certain brain-damaged FTP clients think that when are 
you speaking to an FTP server which claims TVS compliance (I.E., Tops-20 
Extended Mode FTP), that you must be Unix and be able to shell out.  
They literally issue the ls directly over the control channel instead of 
the RFC959 compliant STAT or LIST verbs!  No where is this documented in 
any RFC; you've got to snoop the line.  Grrr...

But we may be talking apples and oranges; there is a difference between 
VMS requesting a listing of a locally attached file system (or even in a 
cluster) and using DAP.  My guess is that DAP only allows one response 
per command; that quite different from the previous case where you are 
free to whine about each file.

Tops-20 directories are quite different animals than either Unix or 
Windows, both in implementation and semantics.

I will follow up with you off list concerning tests with RSTS, perhaps 
over the weekend when I'm finished figuring out what to do.

I have some very fond memories of the RSTS system at Columbia. It was 
our first experiment in time sharing technology before we acquired 6 
DECSYSTEM-20's.  The RSTS system was an 11/50 running RSTS/E and it was 
a fabulous base for introductory programming. A number of us were sad to 
see it go as opposed to being replaced with an 11/70, but we had to put 
a 20 there.

> ------------------------------------------------------------------------
> On 12/20/19 1:33 PM, Paul Koning wrote:
>> On Dec 20, 2019, at 1:12 PM, Thomas DeBellis <tommytimesharing at gmail.com> wrote:
>>
>> I have been working with a kind volunteer who is using OpenVMS Alpha.  It's been quite productive.
>>
>> While I haven't run into any security exposures, yet, the experience has enabled me to find a few things to tweak up.  For example, the VMS logging and reporting was clearly superior to what was being put in the FAL log (which wasn't even timestamped and didn't have the requested file name).
>>
>> We ran into some interesting behavior.  When ANONYMOUS access is restricted to the stand-in user and its subdirectories, wildcard listing requests that are outside of that lexical scope do not report any errors but rather return zero files (none).  That was puzzling because the part of the code that did the access check was clearly doing the reject with appropriate return values.
> Not clear if that's an error.  In RSTS at least, if you asked for a list of files, you'd be given the subset of files that you have read access to.  Files for which you have no permission would appear nonexistent.  This is rather different from the behavior in Unix, which shows you all files in a brief listing, and a pile of error messages in a long listing.
>
> Whether VMS follows the same model I'm not sure.  It's a bit more work in systems like RSX or VMS, which like Unix separate directory names from the underlying file object where the permissions live.
>
>> Further analysis showed that in the main loop for stepping wildcards, a reject causes the file in question to be skipped; nothing is actually done with the return values.  I believe this may be intended behavior for two reasons.  The first is that if the wildcard includes files to which the ANONYMOUS user does legitimately have access, it's friendlier to report those as opposed to stopping everything.
>>
>> The other reason I believe has to do with DAP itself; I don't think you can't return more than one return value per ACCESS request, even with a wildcarded file specification.  So perhaps this isn't a bug so much as an unintended consequence?  Does anybody know what the behavior should be?
>>
>> At any rate, I don't believe the current behavior is 'informative'.  What I'm thinking of doing is saving the last error code and returning that if the count of files returned in list is zero.  Otherwise, the user had something to look at.
>>
>> Do I have any volunteers who operate something besides VMS?  I'd be interested in RSX(+), IAS, RSTS and OS-8.  They never did DECnet on RT-11, did they?
> I can offer help with RSTS.  Yes, there is DECnet/RT11, but I don't know if we have any on HECnet or if the code has even been preserved.
>
> 	paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20191220/c393183e/attachment.html>

More information about the Hecnet-list mailing list