Command-line Configuration of Maple Engine Security - Maple Programming Help

Online Help

All Products    Maple    MapleSim


Home : Support : Online Help : Configure Maple : Customize the Maple System : Configure Maple Engine Security Settings : EngineSecurity/CLIConfig

Command-line Configuration of Maple Engine Security

 

Summary of Command-line Options

Description of Command-line Options

Examples

File Specification

Summary of Command-line Options

• 

maple accepts the following command-line options for configuration of security:

-z

use the default security settings

--secure-read=<file>

add to the inclusion specification for readable files

--secure-noread=<file>

add to the exclusion specification for readable files

--secure-write=<file>

add to the inclusion specification for writable files

--secure-nowrite=<file>

add to the exclusion specification for writable files

--secure-extcall=<file>

add to the inclusion specification for loadable external libraries

--secure-noextcall=<file>

add to the exclusion specification for loadable external libraries

--secure-readspec=<file>

read the specifications for readable files from the given files

--secure-writespec=<file>

read the specifications for writable files from the given files

--secure-extcallspec=<file>

read the specifications for loadable external libraries from the given files

--secure-syscall[=enable|disable]

enable (disable) calls to system/ssystem

--secure-mode[=enable|disable]

enable (disable) security.

• 

These options are processed in the order in which they are specified on the command line, from left to right. This allows for easy modification of the default settings.

Description of Command-line Options

• 

For more information on how inclusion and exclusion specifications are used, see the Maple Engine Security help page.

• 

-z

    Use the default security settings, which includes:

– 

disabling all write access

– 

disabling calls to the system

– 

disabling read access to everything except those files listed in libname and those files located immediately below directories listed in libname

– 

disabling external call access to everything except those files located immediately below the Maple bin.<platform> directory and any toolbox bin.<platform> directories.

• 

--secure-read=<file>

    Append the file to the list of inclusion specifications for readable files in the engine security settings. Roughly, this is a readable file.

• 

--secure-noread=<file>

    Append the file to the list of exclusion specifications for readable files in the engine security settings. Roughly, this is a non-readable file.

• 

--secure-write=<file>

    Append the file to the list of inclusion specifications for writable files in the engine security settings. Roughly, this is a writable file.

• 

--secure-nowrite=<file>

    Append the file to the list of exclusion specifications for writable files in the engine security settings. Roughly, this is a non-writable file.

• 

--secure-extcall=<file>

    Append the file to the list of inclusion specifications for loadable external libraries in the engine security settings. Roughly, this is a loadable library.

• 

--secure-noextcall=<file>

    Append the file to the list of exclusion specifications for loadable external libraries in the engine security settings. Roughly, this is a non-loadable library.

• 

--secure-readspec=<file>

    Read the file and append the contained specifications to the list of inclusion and exclusion specifications for readable files in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-writespec=<file>

    Read the file and append the contained specifications to the list of inclusion and exclusion specifications for writable files in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-extcallspec=<file>,...

    Read the file and append the contained specifications to the list of inclusion and exclusion specifications for loadable external libraries in the engine security settings. This option is a convenient method for passing complex specifications.

• 

--secure-syscall[=enable|disable]

    Enable or disable calls to system/ssystem. These calls are disabled by default if any other security option is given.

• 

--secure-mode[=enable|disable]

    Enable or disable security. Security is enabled by default if any other security option is given. Disabling security is convenient if you are only interested in testing how security command line options are processed.

Examples

    maple -z --secure-extcall=/foo/*

 

This command will run maple with the default security restrictions, but will also allow external call access to files immediately below /foo.

 

    maple -z --secure-mode=disable

 

This command will run maple with the default security settings, but security will be disabled. This allows you the inspect the security settings without applying them.

File Specification

• 

For more information on file specifications, see the File Specifications for Maple Engine Security help page.

See Also

Engine Security

Engine Security,FileSpec

Engine Security,GUIConfig

Security