Sorry to reply to myself, but I wanted to add one note to this, and
didn't, which pertains to the "rename" versus "update" part of
protections in TOPS-10, and perhaps was a bug that was never fixed, or
it was, and I didn't know it.
In TOPS-10, you use the monitor call ENTER to update (write to) an
existing file. It uses a common argument list with LOOKUP and I think a
few other calls, that include the file name and extension. If a file had
a 4 protection code for you, you could LOOKUP the file, then ENTER it
with a different filename, and the filename would change, effectively
renaming the file which you would think required a 1 protection code.
You could also, if I recall correctly, specify a different protection.
The significance of this? Many installations put files in SYS: ([1,4])
that had a 4 protection code so they could be written to by various
applications users ran, or it was an oversight by a system
administrator. Using DDT, one could easily whip up a short piece of code
to rename any file in SYS: that had a 4 protection code, rename it to a
.SAV or .SHR (if it needed a highseg) and basically "hide" behind
another program, such as LOGIN.EXE (When EXE was introduced, I think in
version 6, TOPS-10 still supported .SAV, .SHR, and .HGH but would
attempt to run the .EXE first if you didn't specify an extension).
Certain programs in SYS: like LOGIN had JACCT privileges - full rights
to everything, including device I/O. So, find a writable file in SYS:,
rename it to LOGIN.SAV, copy PIP over it, or something you cobbled up
yourself, and take over the system without causing any other issues
except that missing writable file.
JACCT priv was much like "setuid" in UNIX - except it was a hardcoded
list of filenames in the monitor (I think mostly or exclusively in SYS:)
that would get carte blanche access to everything. I believe by version
7, some programs had been deprecated out of SYS, but they still existed
in the JACCT list in the monitor.
And boy, there were a lot of systems out there on Telenet or the ARPANET
that had files in SYS: protected with a 4. Side note: Telenet was BBN's
attempt to create a private sector ARPANET.
- A late night dumpster dive at
Radio Shack in the very early 80's got me a local dialin number.
Sorry for the lengthy dissertation :)
On 7/31/2019 1:29 PM, Arthur Krewat wrote:
TOPS-10 had a 3 octal digit file protection code:
<xxx> - <Owner, Project, Everyone else> - Logins are PPNs - [Project,
Programmer] - So if I was [76,5], another user with [76,10] was in the
same project. Much like UNIX groups.
Owner Protection Codes
7*, 6* - You can execute, read, or change the protection code of the
5* - You have unlimited access to the file, except for renaming it.
4* - You have unlimited access to the file.
3 - You can execute, read, or change the protection code of the file.
2 - You have unlimited access to the file, except for renaming it.
1, 0 - You have unlimited access.
* The File Daemon is called on a protection failure on this file (my
memory is a little fuzzy on this, but I believe it allowed finer
Protection Codes for Fields 2 and 3
7 - The user cannot access the file.
6 - The user can only execute the file.
5 - The user can execute or read the file.
4 - The user can execute, read, or append to the file.
3 - The user can execute, read, append to, or update the file.
2 - The user can execute, read, append to, update, and write to the file.
1 - The user can execute, read, append to, update, write to, and
rename the file.
0 - Unlimited access, including changing the protection code of the file.
The name TOPS-10 was first used in 1970, but the monitor itself dates
back to 1964. I'm not sure when these protection codes came into