The Question is:
According to the VMS Security Manual the SECURITY_POLICY parameter disables
certain unevaluated operating system components.
My two questions are,
1. What impact does this parameter have on the system files and user generated
2. What impact does this parameter have on the overall system when it is set to
0(zero) or 71 (seventy one)?
The Answer is :
1: No effect.
2: Please see the documentation.
SECURITY_POLICY allows a system to run in a C2 or B1
configuration and subset out particular pieces of functionality
that are outside of the evaluated configuration or to preserve
compatibility with previous versions of the operating system.
See the OpenVMS Guide to System Security for further information
about the C2 and B1 evaluated configurations.
The following bits are defined:
0 Allows DECwindows to display PostScript extensions
1 Allows multiple user names to connect to DECW$SERVER
2 Allows unevaluated DECwindows transports (such as TCP/IP)
3 Allows $SIGPRC and $PRCTERM to span job trees
4 Allows security profile changes to protected objects on
a local node when the object server is absent and cannot
update the cluster database VMS$OBJECTS.DAT
5 Allows creation of protected objects on a local node when
the object server is absent and cannot update the cluster
6 Allows SPAWN or LIB$SPAWN commands in CAPTIVE accounts
The default value of 7 preserves compatibility with existing
DECwindows Motif behavior. A value of 0 disables all unevaluated