HP Visualize J5000 hp workstations - hp-ux 10.20 graphics administration guide - Page 149

An applies to all that follow it, until the next is encountered. Thus, "irwad" means "ignore read and write, allow delete." GetProperty and RotateProperties may do multiple operations (r and d, or r and w). If different actions apply to the operations, the most severe action is applied to the whole request; there is no partial request execution. The severity ordering is: allow < ignore < error Thus, if the for a property are ired (ignore read, error delete), and an untrusted client attempts GetProperty on that property with delete=True, an error is returned, but the property value is not. Similarly, if any of the properties in a RotateProperties do not allow both read and write, an error is returned without changing any property values. Here is an example security policy file. version-1 # Allow reading of application resources, but not writing. property RESOURCE_MANAGER root ar iw property SCREEN_RESOURCES root ar iw # Ignore attempts to use cut buffers. Giving errors causes apps to crash, # and allowing access may give away too much information. property CUT_BUFFER0 root irw property CUT_BUFFER1 root irw property CUT_BUFFER2 root irw property CUT_BUFFER3 root irw property CUT_BUFFER4 root irw property CUT_BUFFER5 root irw property CUT_BUFFER6 root irw property CUT_BUFFER7 root irw # If you are using Motif, you may want these. property _MOTIF_DEFAULT_BINDINGS root ar iw property _MOTIF_DRAG_WINDOW root ar iw property _MOTIF_DRAG_TARGETS any ar iw property _MOTIF_DRAG_ATOMS any ar iw property _MOTIF_DRAG_ATOM_PAIRS any ar iw # The next two rules let xwininfo -tree work when untrusted. property WM_NAME any ar # Allow read of WM_CLASS, but only for windows with WM_NAME. # This might be more restrictive than necessary, but demonstrates # the facility, and is also an attempt to Page 149 Graphics Administration Guide for HP-UX 10.20