Someone developing an application for a protected
subsystem must link the application images without the /DEBUG or /TRACEBACK
Although this kind of subsystem often precludes
the need for privilege, applications can be installed with privilege.
For example, some applications may need the PRMGBL privilege to create
permanent global sections, or they may need the AUDIT privilege to
send security audit records to the system security audit log file.
HP does discourage the installation of a protected subsystem application
with privileges in the All category. This category includes such privileges
as BYPASS, CMKRNL, and SYSPRV---privileges that allow a user to subvert
OpenVMS access controls. See “OpenVMS Privileges” for a list of OpenVMS privileges
and “Assigning Privileges” for a description
of the privileges.
Subsystem designers need to generate a list of
identifiers that are necessary for it to operate as intended. Then
the designers approach you, as the security administrator, to make
the preparations described in “System Management Requirements”.