briggs%gburg.DECnet@BLUTO.SCC.COM ("GBURG::BRIGGS") (06/30/87)
>It's my understanding that ANYONE can issue a CHMK instruction successfully.
>(not to be confused with a successful call to the similar system service...)
>Exactly what is the difference in the two ? What actually requires the
>CHMKNL privilege ?
>

Executing the CHMK instruction triggers an interrupt. The interrupt is handled (in kernel mode) and control is transferred to the system service dispatcher. The 16 bit operand that is specified with the CHMK instruction is used as an index into a table of system service routine addresses. Positive numbers are standard system services and negative numbers are user written system services.

The $CMKRNL service like all system services is called through a transfer vector in P1 space (it used to be S0 space, but they changed it). You issue a CALL instruction to a small code segment. The code segment then performs a CHMK or CHME instruction with the appropriate 16 bit operand to select the desired system service. The system service dispatcher mentioned above then gains control in kernel mode and branches to the selected service routine. In the case of the $CMKRNL service, the service checks to make sure the user has privilege and, if so, does a CALL to the subroutine specified in the user's argument list.

The net effect of the CHMK instruction is that you get into kernel mode, but VMS controls what code gets executed once there. Thus no privilege need be required.

The net effect of the $CMKRNL service is that your own subroutine gets executed in kernel mode. Thus privilege is required to keep the system secure.

John Briggs
Arpa: BRIGGS@BLUTO.SCC.COM
Ma: (301)840-4932
Snail: Contel ASD
       1300 Quince Orchard Blvd
       Gaithersburg, MD 20878

------
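Added example, not part of the original post and not VMS code: a small C model of the dispatch design described above, where the CHMK operand only selects an entry from system-owned tables and the privilege check sits in the one service that runs caller-supplied code. The service codes, status values, helper names and the bounds check are assumptions made for this sketch.

```c
#include <stdio.h>

/* Conceptual model only, not VMS code. Service codes, status values and
   the bounds check are assumptions made for this example. */
enum { ST_OK = 1, ST_NOPRIV = -1, ST_BADCODE = -2 };
enum { SVC_NULL = 0, SVC_CMKRNL = 1 };           /* constructed codes */

typedef struct { int has_cmkrnl; int in_kernel; } proc_t;
typedef int (*user_routine_t)(proc_t *);
typedef int (*service_t)(proc_t *, user_routine_t);

/* A standard service that needs no privilege. */
static int svc_null(proc_t *p, user_routine_t r) { (void)p; (void)r; return ST_OK; }

/* $CMKRNL analogue: the only path that runs caller-supplied code in
   kernel mode, so the privilege check lives here, not in the dispatcher. */
static int svc_cmkrnl(proc_t *p, user_routine_t r) {
    if (!p->has_cmkrnl) return ST_NOPRIV;
    if (r == NULL) return ST_BADCODE;
    return r(p);
}

/* A user-written system service, selected by a negative code. */
static int svc_site(proc_t *p, user_routine_t r) { (void)p; (void)r; return ST_OK; }

static const service_t standard_tbl[] = { svc_null, svc_cmkrnl };
static const service_t user_tbl[]     = { svc_site };
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

/* CHMK analogue: any caller may enter, but the operand only selects an
   entry from tables the system owns; it is never treated as an address. */
int chmk(proc_t *p, short code, user_routine_t r) {
    const service_t *tbl = code >= 0 ? standard_tbl : user_tbl;
    int n   = code >= 0 ? COUNT(standard_tbl) : COUNT(user_tbl);
    int idx = code >= 0 ? code : -(int)code - 1;
    if (idx >= n) return ST_BADCODE;
    p->in_kernel = 1;
    int status = tbl[idx](p, r);
    p->in_kernel = 0;                             /* return to user mode */
    return status;
}

/* Caller-supplied routine: reports 42 only if it really ran in kernel mode. */
static int my_routine(proc_t *p) { return p->in_kernel ? 42 : 0; }

int try_code(short code) { proc_t p = {0, 0}; return chmk(&p, code, NULL); }
int try_cmkrnl(int priv) { proc_t p = {priv, 0}; return chmk(&p, SVC_CMKRNL, my_routine); }

int main(void) {
    printf("%d %d %d\n", try_code(SVC_NULL), try_cmkrnl(0), try_cmkrnl(1));
    return 0;
}
```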