Command-line Configuration of Maple Engine Security - Maple Programming Help

Online Help

All Products    Maple    MapleSim


Home : Support : Online Help : Configure Maple : Customize the Maple System : Configure Maple Engine Security Settings : EngineSecurity/CLIConfig

Command-line Configuration of Maple Engine Security

 

Summary of Command-line Options

Description of Command-line Options

Examples

File Specification

Summary of Command-line Options

• 

maple accepts the following command-line options for configuration of security:

-z

use the default security settings

--secure-read=<spec>,...

add to the inclusion specification for readable files

--secure-noread=<spec>,...

add to the exclusion specification for readable files

--secure-write=<spec>,...

add to the inclusion specification for writable files

--secure-nowrite=<spec>,...

add to the exclusion specification for writable files

--secure-extcall=<spec>,...

add to the inclusion specification for loadable external libraries

--secure-noextcall=<spec>,...

add to the exclusion specification for loadable external libraries

--secure-readspec=<file>,...

read the specifications for readable files from the given files

--secure-writespec=<file>,...

read the specifications for writable files from the given files

--secure-extcallspec=<file>,...

read the specifications for loadable external libraries from the given files

--secure-syscall[=enable|disable]

enable (disable) calls to system/ssystem

--secure-mode[=enable|disable]

enable (disable) security.

• 

These options are processed in the order in which they are specified on the command line, from left to right. This allows for easy modification of the default settings.

Description of Command-line Options

• 

For more information on how inclusion and exclusion specifications are used, see the Maple Engine Security help page.

• 

-z

    Use the default security settings, which includes:

– 

disabling all write access

– 

disabling calls to the system

– 

disabling read access to everything except those files listed in libname and those files located immediately below directories listed in libname

– 

disabling external call access to everything except those files located immediately below the Maple bin.<platform> directory and any toolbox bin.<platform> directories.

• 

--secure-read=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of inclusion specifications for readable files in the engine security settings. Roughly, this is a list of readable files.

• 

--secure-noread=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of exclusion specifications for readable files in the engine security settings. Roughly, this is a list of non-readable files.

• 

--secure-write=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of inclusion specifications for writable files in the engine security settings. Roughly, this is a list of writable files.

• 

--secure-nowrite=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of exclusion specifications for writable files in the engine security settings. Roughly, this is a list of non-writable files.

• 

--secure-extcall=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of inclusion specifications for loadable external libraries in the engine security settings. Roughly, this is a list of loadable libraries.

• 

--secure-noextcall=<spec>,...

    Append the list of file specifications (<spec>,...) to the list of exclusion specifications for loadable external libraries in the engine security settings. Roughly, this is a list of non-loadable libraries.

• 

--secure-readspec=<file>,...

    Read each file in the list <file>,... and append the contained specifications to the list of inclusion and exclusion specifications for readable files in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-writespec=<file>,...

    Read each file in the list <file>,... and append the contained specifications to the list of inclusion and exclusion specifications for writable files in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-extcallspec=<file>,...

    Read each file in the list <file>,... and append the contained specifications to the list of inclusion and exclusion specifications for loadable external libraries in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-syscall[=enable|disable]

    Enable or disable calls to system/ssystem. These calls are disabled by default if any other security option is given.

• 

--secure-mode[=enable|disable]

    Enable or disable security. Security is enabled by default if any other security option is given. Disabling security is convenient if you are only interested in testing how security command line options are processed.

Examples

    maple -z --secure-extcall=/foo/*

 

This command will run maple with the default security restrictions, but will also allow external call access to files immediately below /foo.

 

    maple -z --secure-mode=disable

 

This command will run maple with the default security settings, but security will be disabled. This allows you the inspect the security settings without applying them.

File Specification

• 

For more information on file specifications, see the File Specifications for Maple Engine Security help page.

See Also

Engine Security

Engine Security,FileSpec

Engine Security,GUIConfig

Security

 


Download Help Document

Was this information helpful?



Please add your Comment (Optional)
E-mail Address (Optional)
What is ? This question helps us to combat spam