1
2 09/23/87 as
3 Known errors in the current release of as.
4 # Associated TR's
5 Description
6
7 559 phx20928
8 If a daemon attempts to send a large amount of data such as a
9 multi-segment file to the message coordinator message segment, the
10 daemon process and subsequently the initializer process get terminated
11 via an any_other handler invoked due to a out_of_bounds condition when
12 the message segment gets filled up.
13
14 557 phx17133
15 Absentee qres values need to be recomputed whenever abs_maxu changes.
16 When "abs maxu auto" has been specified, abs_maxu can change whenever
17 attempting to schedule a new job. load_ctl_'s set_abs_maxu procedure
18 should be changes to recompute abs qres values for each queue.
19
20 553 phx14788
21 A negative dollar amount is computed when a user runs up a large number
22 of vcpu time.
23
24 552 phx18230
25 If new_user is called to change an attribute which does not effect the
26 mail_table_, mail_table_priv_ is still called to look for mail table
27 entry. This can cause problems if the administrator does not have
28 proper access to mail_table_priv_ as may be the case where a site has
29 designated administrators for different areas of the system. There are
30 some user attributes which do not effect the mail_table_.
31
32 551 phx14789
33 Output of system_monthly_report shows an inconsistancy in the number of
34 crashes that is reported.
35
36 550 phx18792
37 "write_user_usage_report" calculates the "-to" date incorrectly in some
38 cases.
39
40 544
41 On a successful dialin to an anonymous dial server the AS message
42 doesn't have the asterisk on the dial server name. It reads
43 "ignored.Sectest_4.TestProj" instead of "*ignored.Sectest_4.TestProj".
44
45 543
46 The lg_ctl_ msg "raised initial ring for TestProj.TestProj..." for
47 anonymous users does not include the * in front of TestProj. Also for
48 lowering rings.
49
50 542
51 When the tries field of the installation parameters is set to 3, the
52 lg_ctl_ message "too many bad passwords..." is appearing in the log
53 after every other bad password instead of after every third one.
54
55 541
56 The user message facility will allow a user to retrieve a message
57 destined for a lower ring if the user knows the message ID.
58
59 In fact, the only access checks being done are AIM checks.
60
61 The user_message_$read_message entrypoint did not correctly perform
62 access checks when the user specified a message via its message id.
63 Also, various security attributes about the message were not correctly
64 returned to the user. Finally, the ability to delete-on-read did not
65 correctly function for messages specified by message id.
66
67 540
68 Due to the remnants of the PL/I compiler's padded reference bug,
69 dial_ctl_ was unable to reliably use the required_access_class
70 information for STY channels.
71
72 539
73 When a user attempts to priv_attach a channel, the answering service
74 compares channel access class information in the CDT with the user's
75 process authorization. However, it takes no steps to guarantee that
76 the information in the CDT is up-to-date, and indeed, in many
77 situations this information will not be correct. The erroneous
78 assumptions can cause channels to be attached when AIM restrictions
79 should prevent it, as well as situations where channels will be denied
80 attachment when AIM should permit the attachment.
81 The priv_attach request does not perform a get_required_access_class
82 control order before attaching the channel.
83
84 538
85 With the rings in the PDT at 4,6,6 and the rings in the SAT at 4,5, an
86 attempt to log in at the default ring is denied with an audit message
87 saying that the ring was lowered from 6 to 5. It should have been
88 granted at the lowered ring.
89
90 537
91 When a slave-service channel hangs up, its current_access_class_valid
92 flag is not reset. This prevents processes from attaching it at any
93 access class other than the access class it was first attached at.
94
95 536
96 The Answering Service allows a login when the user's access on the
97 channel ACS is incomplete e.g. R_ACCESS or W_ACCESS.
98 It should check for RW effective access to the ACS.
99
100 535
101 The Answering Service com_channel_info request does not audit when it
102 denies a request.
103
104 534
105 The Answering Service process_termination_monitor request does not
106 audit when it denies a request.
107
108 533
109 The Answering Service note_pnt_change request returns a zero status
110 code even when it denies the request though the deny is correctly
111 logged.
112
113 532
114 The Answering Service daemon_command request returns a zero error code
115 even when it denies the request though the DENY is correctly logged.
116
117 531
118 The terminate_dial_out request, unlike the others including the
119 release_channel request does not check for the dialok atttribute. It
120 also does not send a "contrl" message. All dial_ctl_ requests are
121 supposed to send acknowlegement "contrl" IPC messages.
122
123 The dial_out request checks to see if the channel is in use before
124 checking the service type of the channel, producing an incorrect error
125 message for login service channels.
126
127 530
128 The access check made for communications channels is supposed to
129 require RW access to the ACS segment in >sc1>rcp. It currently allows
130 access to the channel if the user has any non-null access to the ACS
131 segment. The fix is to require RW access.
132
133 529
134 The variable which holds the textual added info in the communications
135 channel audit messages is too short to include the entire error
136 message. The fix is to increase this character string variable from
137 100 characters to 256.
138
139 528
140 The module which performs access auditing in the answering service,
141 as_access_audit_, fails to correctly set the grant flag in the binary
142 audit header logged in the answering service log. Although the
143 GRANTED/DENIED messages are correct in the messages, the binary flag is
144 inconsistent with this message -- automated tools therefore fail to
145 pick up the DENIED-type messages. The functional tests fail as a
146 result.
147
148 527
149 In MR11, when a communications channel hangs up, a LOGOUT message is
150 audited if the channel underwent a Identification and Authentication
151 I&A, that is, if a userid/password was supplied during preaccess
152 login dial slave time. Due to the use of a common entry in
153 dial_ctl_ and the way autocall dial_out channels are terminated, the
154 system attempts to audit a LOGOUT message for all autocall channels, as
155 well as slave/dial channels. The resulting message looks something
156 like:
157
158 LOGOUT . int a.h000 hangup
159
160 since there is no userid/projectid associated with the autocall
161 channel. The fix is to have dial_ctl_$dial_term distinguish between
162 autocall and slave/dial channels.
163
164 526
165 The PNT software does not follow the normal access model due to details
166 of its internals and the fact that it depends on MSF software. Certain
167 error codes are not as might be expected, and some operations behave in
168 non-obvious ways. No actual security holes are believed to exist,
169 however.
170
171 525
172 No message of the form "Your authorization is ..." is displayed when
173 you reconnect to a process which is not at system_low.
174 Move "Your process authorization is..." message from act_ctl_ to
175 dialup_.
176
177 524
178 Messages placed in the AS user message message segment by the
179 Initializer process have null process ids.
180
181 523
182 Due to the incorrect setting of a variable in the AS user message
183 database header, certain entries in this database can become
184 inaccessible when other entries are deleted.
185
186 522
187 Due to the new kernelized message segment software changes, some
188 security critical process idenfication information is not stored
189 correctly in the "user message" database, implemented as a message
190 segment. Because of this, those who retrieve the messages from the
191 database get garbage in the secure sender information. This facility is only
192 used by the get_com_channel_info_ subroutine in MR11 and therefore has
193 no serious side effects. The fix however involves filling in more
194 information in the call to mseg_ which specifies the access properties
195 of the calling process.
196
197 521
198 When a user new_proc's to a different AIM level the "DESTROY" audit
199 message claims that the old process authorization was the destination
200 level.
201
202 520 phx19955
203 The initializer command "abs bump absX" leaves the request in the queue
204 as "running". It should update the request to be "bumped". See AS
205 31.
206
207 516 phx18591
208 If the "-destroy" and "-hold" control arguments are used on the login
209 command line, the process is destroyed but the line is not held. If,
210 however, the "destroy -hold" request is used at the disconnected
211 process prompt, the line is held correctly.
212
213 515 phx19596
214 The module syserr_log_man_ needs a record_quota_overflow handler around
215 the code which acutally copies the syserr_log. Currently, if it gets a
216 record_quota_overflow condition, it causes an asdump. It should print
217 a message on the bootload console instead.
218
219 514 phx19595
220 The module sc_process_command_line_ needs an io_error condition handler
221 so that if the communications channel on which a command has been
222 entered hangs up, the request line can be aborted. Currently, an
223 asdump results.
224
225 513 phx19594
226 The is_legal_proj active function should allow it's being invoked as a
227 command. If it is invoked as a command, an absurd error message about
228 wrong number of arguments is displayed. At the very least it should
229 diagnose it's invocation as a command and print an error message.
230
231 512 phx19586
232 The substty command is broken in MR11. It no longer allows one to
233 redirect MC messages from the bootload console to another MC terminal.
234 This is due to a coding error which causes an attempt to reference
235 through an invalid cdte pointer.
236
237 511 phx19584
238 The module mc_tty_ fails to set the version number in the terminal_info
239 structure prior to issuing the terminal_info control order. This will
240 cause this call to always fail resulting in this code's loopoing.
241
242 509 phx19585
243 The subroutine get_com_channel_info_ returns an unimformative error
244 message when an attempt is made to get info on a channel not attached
245 to the calling process. It would appear that the AS does no auditing
246 of attempts to get info on channels not attached to the calling process
247 as a second issue.
248
249 508 phx19583
250 Slave channels which have been accepted and then dropped hang up
251 permanently, rather than receiving a new login banner. Note that this
252 refers to using the "accept" and "drop" operator commands.
253
254 507 phx19570
255 The operator command "bump UserA" results in the error message:
256 bump: error: is not a valid Person.Project
257
258 This is because of a coding error in the internal procedure
259 get_pers_proj of admin_. The bump command, as well as all its brothers
260 and sisters, need to be completely rewritten. admin_ is a mess.
261
262 506 phx19557
263 The program pnt_fs_util_$create, called by create_pnt, enables the
264 keep_meters flag in the MSTB header. It shouldn't, since not all
265 processes which have R access to the PNT also have RW access.
266
267 504 phx19468
268 reset_proj may leave PDT entries locked, lacks a cleanup handler, has a
269 myriad of other problems and should be rewritten.
270
271 503 phx19474
272 If you attempt to connect to a process with a higher authorization when
273 a lower one was specified on the login command line, get refused, and
274 then attempt to specify the higher authorization on the login command
275 line, the login is rejected due to a sticky single class access class
276 not being reset to the login channel access class range.
277
278 502 phx19459
279 When new_user prompts for the Notes field in a change request, a null
280 response wipes out the old values of the Notes field rather than
281 leaving it alone. This is inconsistent with the normal meaning of a
282 null response.
283
284 501 phx19377
285 If a load_mpx fails because the channel id in the prph card is
286 incorrect, subsequent load_mpx and stop_mpx requests result in
287 seg_fault_errors.
288
289 500 phx19434
290 When logging in with disconnected processes and using the "list"
291 preaccess requests, all disconnected processes are displayed, even
292 those which AIM prevents the user from connecting to.
293
294 Further, if you specify "-ring" on the login command line, and you have
295 disconnected processes, the "list" command will display all processes
296 and allow you to connect to one of them even if the default ring for
297 that process is different from the one you specified on the login line.
298 The list command gives no indication of the default ring for the
299 process.
300
301 497 phx19301
302 The "-all" control argument to the "install" command is very confusing.
303 Things would be greatly simplified if it were removed entirely.
304
305 495 phx19388
306 When changing time zones, as in from EST to EDT, the b_and_w program
307 indicates that during the gap, the system was down.
308
309 493 phx19385
310 If the intercom command is sent via a send_admin_command, a null
311 pointer fault results since there is no mc_ate in this case.
312
313 492 phx19389
314 When ad administrator changes a passwords, the date/time password
315 changed field is not updated in the PNT. This may cause the first
316 attempted login to fail with a "password expired" message if the
317 relevant password expiration installation parameter is enabled.
318
319 491 phx19391
320 If you type "l my_name -cdp" when attempting to log in, dialup_
321 responds with "login: syntax is" without providing any further
322 information.
323
324 490 phx19383
325 The entry dialup_$reintroduce may provide a code path whereby an
326 attempt is made to use utep before it is initialized. This will cause
327 a fault and an answering service dump.
328
329 487 phx19300
330 write_user_usage_report does not display the grand summary report for
331 device charges.
332
333 486 phx19298
334 Specifying an illegal subsystem name on the login command line will
335 provoke a situation where the process cannot be fully created, but at
336 the same time cannot be destroyed. This uses up an APTE slot for the
337 duration of the bootload.
338
339 485 phx19303 phx19308
340 The initializer "disconnect" command does not work consistently. Some
341 times it does not work at all. Sometimes there are error messages,
342 other times none. This command should work either by userid or by
343 channel id just as the other commands work.
344
345 484 phx19241
346 The install command should be able to diagnose the specification of
347 unauthorized flags and values when PDTs are installed. Specifically,
348 if the PDT-to-be-installed specifies the "vinitproc" attribute, and
349 this attribute is not authorized for the project, the install atttempt
350 should at least send a warning message to the installer. There may be
351 other bad values/attributes which whould be detected as well.
352
353 483 phx19302
354 The audit messages associated with communications channels and dialids
355 include "DENIED" even when the reason for the failure has nothing to do
356 with security. There should be a differentiation between errors not
357 having to do with access checking and access control errors.
358
359 479 phx19261
360 There are several cases where dialup_ logs "ignored alarm___" messages
361 in the AS log. These are caused by bugs in this program. These should
362 be fixed. Additionally, if these cannot all be fixed, at least these
363 log messages should not cause a console alarm.
364
365 478 phx19252
366 write_billing_summary handles a blank requisition field incompatibly
367 with the other billing commands.
368
369 477 phx19249
370 The admin.ec "x repair" entry will fault and cause an AS dump if an
371 invalid directory is specified.
372
373 474 phx19234
374 Master directories which reside subordinate to directories without
375 terminal quota are not charged for.
376
377 472 phx19222
378 The program reset_use_totals assigns rate structure numbers based on
379 the first project encountered in the control file for that bin. If the
380 project has been deleted, or is not in the sat, then the default rate
381 structure number is used without any warning. It should use the rate
382 structure of the first valid non-deleted project in the control file
383 for the bin and should indicate if and when it uses the default value.
384
385 471 phx19221
386 While the program usage_total records misc charges in the use_totals
387 database, it does not include these charges in the dollar charge
388 figure.
389
390 469 phx19213
391 The send_daemon_command command, with the "quit" keyword will print the
392 error message "process lacks permission to alter device status" if the
393 process to which the quit is directed has not enabled quits. This is a
394 non-informative error message. In fact, the message coordinator
395 interface to the quit command returns the same error code; this should
396 be changed as well.
397
398 467 phx19198
399 absentee_user_manager_ can leave the answer table locked if it gets a
400 non-zero error code from the call to cpg_$cpg_abs.
401
402 466 phx18908
403 The MSF directory of the PNT should have ring brackets of 1,5 rather
404 than 1,1.
405
406 465 phx18546
407 The ed_mgt "v" request should not allow more than one project to have
408 "max_prim" set to -1. up_mgt_ should never install such an MGT.
409
410 464 phx17292
411 The list_output_request command seems to behave inconsistently when the
412 "-position" control argument is used and one lacks "r" access to the
413 queues. Sometimes it reports incorrect access, sometimes it doesn't.
414 In any case, it reports that there are no requests in the queue, even
415 if this is not true. See TR.
416
417 463 phx18988
418 If a user issues the "new_proc" request for a disconnected process, and
419 that process is already in the process of logging out due to
420 inactivity or fatal error the user receives the logout message rather
421 than just being given a new process i.e. like the result of a
422 "create".
423
424 462 phx18962
425 For a "login Userid -cpw" login, if the user inadvertently types his
426 proposed new password to the "Password:" prompt and types it again for
427 the "Password again:" prompt, the answering service gives the error
428 indicating that the two passwords were the same instead of one
429 indicating "pasword incorrect."
430
431 461 phx18958
432 Specifying "create -ns" in the login connect loop does not prevent the
433 start_up.ec from being executed in the new process.
434
435 459 phx18907 phx18997
436 The extended entry support for PNTs should include
437 get_user_access_modes support.
438
439 458 phx18874
440 The value of project.n_users gets out of sync when process creation
441 fails causing spurious error messages for subsequent logins.
442
443 456 phx18845
444 The cv_cmf command is not particulary friendly if a typo is made in
445 specification of minor devices. See TR for details.
446
447 453 phx18768
448 The cancel_abs_request command sometimes reports the wrong user-name
449 when indicating what request is cancelled. This only occurs, of
450 course, if the "-user" control argument is used.
451
452 452 phx18719
453 The print_pnt command new_user should check access to pnt_admin_gate_
454 before attempting to call it rather than bombing out with a
455 linkage_error.
456
457 449 phx18492
458 The cv_cmf command should not allow the specification of 300 baud
459 bisync channels since the hardware doesn't. Also, the cdt table
460 installation software should reject this as well.
461
462 447 phx18249
463 The cv_cmf command allows the specification of illegal channel numbers
464 like a.h232 in the CMF to be converted.
465
466 445 phx17703
467 The move_abs daemon output imft retrieval_request commands should
468 not, without explicit action, change the project of the request.
469
470 440 phx16963
471 The "-position" control argument to the list_abs_requests and friends
472 affects which entries will be displayed. See the TR for further
473 details.
474
475 439 phx16887
476 When the answering service grabs a terminal back from the user after a
477 fatal process error, it should do something about getting the
478 terminal's modes into a better state. When the terminal becomes
479 connected to the new process, it can be in a strage state and the user
480 may not know what to do to get it into a useable state again.
481
482 436 phx16308
483 The login command line "login Personid -cpw -cdp" provokes a syntax
484 error. There is nothing wrong with this command line. Yes there is.
485 -cdp requires a project. The error message sucks though.
486
487 435 phx16126
488 The list_abs output retrieval daemon imft_requests commands should be
489 more intellignet when supplied with multiple "-user" control arguments.
490
491 431 phx15571
492 It should be possible to delete an FNP from the CDT by reinstalling a
493 CDT with the FNP deleted. Currently, it just leaves the FNP in the CDT
494 with 0 configured subchannels.
495
496 428 phx15276
497 Control arguments, such as "-long" and "-brief" should positionally
498 overide previous control arguments rather than being declared
499 incompatible in the list_output_requests, list_abs_requests,
500 list_daemon_requests, etc. commands.
501
502 412 phx18528
503 ms_table_mgr_ needs an entrypoint which will return a list of all
504 entries which match a given string case-insensitively. This will allow
505 a solution for this TR to be implemented.
506
507 409 phx19058
508 The list_as_request program needs a "-admin" control argument to
509 display all user's requests, and its default action should be changed
510 to display only the calling user's requests.
511
512 407 phx19057
513 The as_request.ms messages segment should have "r" access set for
514 SysAdmin and SysMaint each time it is recreated i.e. each time the
515 answering service is initialized.
516
517 406 phx19102
518 Answerbacks should not be allowed to contain control characters.
519 ttt_info_, which already does some editing of the answerback terminal
520 id, should be changed to disallow various control characters.
521 Otherwise, the terminal ids ruin output displays of the "as_who"
522 command, and the initializer "who" command.
523
524 405 phx19032
525 The cv_pmf command should provide a warning when an attempt is made to
526 give the save_on_disconnect or disconnect_ok attributes to anonymous
527 users since these flags are not honored for anonymous users.
528
529 403 phx19014
530 When a process disconnects with save_on_disconnect enabled two LOGOUT
531 audit messages will be logged. One is logged at disconnect time, and
532 the other at inactivity bump time. This is confusing. Further, the
533 CPU-time/Charges figures do not appear consistent.
534
535 401 phx18882 phx20928
536 Attempting to perform a large amount of output on a message coordinator
537 terminal can cause the terminal to hang up and the bootload console to
538 be flooded with errors indicating the OOSB on mc.message. In MR11.0
539 systems, it can crash the system.
540
541 399 phx18693
542 If requested to operate on a volume that lacks the PD flag,
543 vacate_pdir_volume should query the operate to continue, not simply
544 refuse the request.
545
546 398 phx18694
547 The vacate_pdir_volume command, with the long option, is very verbose
548 and noisy beeps the console.
549
550 397 phx18546
551 The answering service install function screws up when installing an MGT
552 in which a max_prim value changes from -1 to some other value.
553
554 396 phx18323
555 When notifying a non system_low user that an "inactivity bump" has been
556 cancelled, the answering service causes an error message "dialup_:
557 Insufficient access to return any information..." to be logged. While
558 I haven't been able to reproduce this problem due to inactivity bump
559 times being inordinately long on CISL-SERVICE, I suspect that this
560 problem exists due to a similar problem already confirmed in error list
561 entry 395. I have confirmed that the notifications are being sent in
562 the error list entry 395 case, so I suspect that they are being sent in
563 this case as well.
564
565 This problem seems only to happen when the project directory, and
566 therefore the home directory containing the user's mailbox is non
567 system_low.
568
569 395 phx18322
570 When an non system_low process submits an absentee job, attempts by the
571 absentee facility to notify the submitting process of events because
572 of the "-notify" enter_absentee_request option or because of some
573 error result in the message "absentee_user_manager_: Insufficient
574 access to return any information. Unable to notify Person.Project of
575 absentee event".
576
577 The notification, however, is delivered to the submitting process.
578 Only the error message logged is invalid. This problem only occurs if
579 the project directory itself is non system_low, and hence the home
580 directory is non system_low.
581
582 394 phx18406
583 Since record_quota_overflows are explicitly enabled in as_init_, the
584 any_other handler in this module should be capable of handling a
585 record_quota_overflow condition and printing an appropriate message
586 which describes the directory which took the rqo. It currently doesn't
587 special case the rqo condition and therefore just prints the condition
588 name in the error message displayed on the console. Not very helpful
589 in diagnosing the problem.
590
591 393 phx18245
592 On some terminals, the printer_off sequence only applies to the current
593 line rather than until a printer_on sequence is sent. Because of this,
594 the password masking scheme used in dialup_ does not work on these
595 terminals since it sends a printer_off control order, prints a NL, and
596 then prompts for the password.
597
598 390 phx18201
599 The print_log command, when used with the "-nhe" control argument,
600 prints a trailer blank line. Since headers are inhibited, the
601 trailer should probably be as well.
602
603 386 phx17860
604 The amount of time that a line is "dialed" to a process rather than a
605 user being logged in over that line to the process is not added to the
606 dialed up time in the cdt.
607
608 385 phx17085
609 The Initializer warn function causes the user's terminal to double echo
610 afterwards, when the user was running video or emacs. A better
611 interface between blast and terminals and modes is needed.
612
613 381 phx17157
614 Certain faults occuring within absentee_user_manager_, prior to the
615 setting of ute.uprojp, cause the Initializer to enter an infinite fault
616 loop in its cleanup procedure.
617
618 379 phx11773
619 When the as hangs up a line, it should clear the pending terminal
620 buffers after printing "hangup". This helps avoid strange things such
621 as replaying pending input lines such as passwords.
622
623 378 phx17361
624 sweep does not correctly account/un-account master directory quota when
625 walking down a sub-hierarchy.
626
627 375 phx15593
628 A damaged pdt in >sc1>pdt will stop AS initialization in its tracks.
629
630 374 phx17081
631 >sc1>stat_seg should contain a lock to avoid conflicts between
632 copy_as_meters and as_meter_.
633
634 372 phx15774
635 The sweep command could help performance a lot by force deactivating
636 directories it no longer needs.
637
638 369 phx16754
639 If a user is in the process of reconnecting during a shift change, the
640 work class recomputation may conclude that the mgt is clobered due to
641 examining a partially initialized ute.
642
643 365 phx15956
644 If no start_up.ec can be found when starting a process, either the
645 process_overseer_ should so state or make the initial command line
646 null, instead of making the initial command line "exec_com" which then
647 gets an error.
648
649 361 phx15212
650 It is not possible to have daemons who do not have access to
651 system_privilege_ logged in at higher than system_low. This is because
652 the higher authorization process cannot write into >sc1>mc.message.
653
654 360 phx14301
655 Absentee jobs that are set into a different load control group than
656 their user is in interactively via the MGT parameters that treat
657 absentee jobs specially are counted against the load control limits of
658 their ORIGINAL group, instead of the group that they are shifted into.
659
660 358 phx16925
661 Answering service logging hardly ever logs the involved channel in
662 messages involving users. Int the days of mostly hardwired terminals,
663 this was OK. Nowadays, just logging terminal type and answerback is
664 useless. Channel names have to be added to the lg_ctl_messages.
665
666 356 phx16914
667 The message coordinator has no smarts with respect to over-filling Q's.
668 If an output Q's fills due to a termina that is dead, but cannot due
669 to lack of a DTR wire hang up, the AS will hang on it.
670
671 If a Q gets too deep the output should go someplace else.
672
673 354 phx16706
674 load_ctl_status has an ioa_ typo. See the TR for details.
675
676 353 phx16906
677 The post-crash PDT cleaner-upper seems to leave some
678 reconnection-oriented fields silly. See the TR for an example. This
679 analysis is incomplete.
680
681 352 phx16517
682 abs suspend/release destroys the CPU monitor corresponding to the max
683 vcpu specified for the job.
684
685 350 phx15243
686 as_meter_ uses a bogus declaration of config_deck and
687 consiquintiquentially only sees 64 cards.
688
689 348 phx15302
690 LINE_TELNET dim type should be invalidated.
691
692 345 phx14257
693 a fatal-process-error after a new_proc connect request causes logout.
694
695 335 phx14031
696 move_daemon absentee output_request may cause a request to change
697 projects without notifying the user.
698
699 331 phx13891
700 syserr_log_man_ should produce more informative asdumps.
701
702 330 phx13676
703 a command_query_ will blast out of admin mode.
704
705 329 phx13617
706 ed_installation_parms does not show fractions of cents when displaying
707 rates.
708
709 321 phx13620
710 usage_and_revenue does not support quoted groups properly.
711
712 319 phx13586
713 parse_login_line_ does not check the -po argument length correctly.
714
715 318 phx13605
716 daily_log_process and daily_syserr_process can only handle 100
717 selectors, and do not check that the limit is not exceeded.
718
719 316 phx13563
720 Users may create processes after the shutdown grace period begins.
721
722 312 phx13523
723 RQO on >sc1>rcp while installing rtdt is disastrous.
724
725 311 phx12531
726 asdumps timer_manager_err occur. Believed caused by intense absentee
727 logout activity.
728
729 310 phx13491
730 ed_installation_parms doesn't do very well with a specified path. In
731 addition, the -directory control argument is said to not function.
732
733 306 phx11695
734 sc_signal_handler_ should detect recursive invocations.
735
736 304 phx13395
737 The login_responder pit and initproc pdt fields should be longer.
738
739 300 phx12654
740 dial_manager_ should use some IPC mechanism which is isolated from
741 channels otherwise in use by the process. This requires dial_ctl_ to
742 maintain another IPC name per process.
743
744 299 phx13105
745 b_and_w report does not properly when the -week control argument is
746 specified and the report is crossing a month.
747
748 298 phx13106
749 print_projfile does not determine if there are misc charges correctly.
750
751 297 phx13103
752 The ttp request and -ttp login argument do not cause all the
753 attributes of the channel to be affected. For example, delays are not
754 set.
755
756 296 phx13079
757 user_info_ and system_info_ should use assign_.
758
759 292 phx12717
760 display_mstb does not calculate the number of free entries properly.
761
762 283 phx12311
763 The nopreempt attribute is not honoured.
764
765 281 phx12236
766 mr_ does not preserve the visual appearance of messages containing tabs.
767
768 280 phx11463
769 If an attached console is in admin mode and the terminal is
770 disconnected, cleanup should occur such that any program running which
771 is doing I/O is revoked, admin mode exited, etc.
772
773 278 phx12190
774 list_abs_requests does not show the entire resource string, only the
775 first 256 characters. This is caused by the declaration of the variable
776 'buffer'.
777
778 274 phx03725
779 message coordinator will happily 'use' a terminal which is on an FNP not
780 available IOM deconfigured to the system.
781
782 272 phx11424
783 Overflow of a message coordinator device queue will cause the MC to loop
784 on an out-of-bounds conditions filling >sc1 with asdumps.
785
786 271 phx05395
787 Message coordinator code 3 errors. disappearing destinations. other
788 travesties.
789
790 269 phx12001
791 dump_mrt does not report flags correctly.
792
793 268 phx05921
794 operator commands for channels can cause data-base corruption if used on
795 multiplexer channels.
796
797 266 phx11996
798 trm_ handler for absentee says that the reason for termination will be
799 sent by Multics mail. It is really sent as a message.
800
801 262 phx11931
802 return_tty_to_mc_ does not mask ipc signals during operations on
803 user_i/o.
804
805 260 phx11857
806 I/O daemons need to be able to determine the rate_structure of a user
807 without having access to the SAT. Documentation needs to be improved on
808 the access required to rate_structure_? segments, etc.
809
810 258 phx11957
811 enter_abs_request does not check a -rsc string. It's not clear that
812 there is a facility for this at MR9 time.. The absentee manager does
813 not detect the fact that an attempt to run a job with an invalid -rsc
814 string has occured, and continues to attempt to run the job
815 periodically. each time an error occurs processing the -rsc string.
816
817 257 none
818 Inactive calculation for disconnect processes should use the time of
819 disconnection instead of activity times. This would cut a disconnected
820 process properly, even if it is sometimes active for copying ITT
821 messages.
822
823 255 phx11303
824 When calculating MTBF, the system routines should use the formula
825 MTBF<-TIME/CRASHES rather than MTBF<-TIME/CRASHES+1.
826
827 253 phx04883
828 The crank should not delete the backup copies of the RCPRM registries
829 until it finishes making the new ones successfully.
830
831 252 phx11654
832 disk_usage_stat assumes that a directory will have no more than 2000
833 names in it. It faults if one has any more.
834
835 250 phx11320
836 process creation failure may cause looping, attempting to create a
837 process.
838
839 246 phx11193
840 accounts_overseer_ does not handle signalling the program_interrupt
841 condition properly. It should do a 'start' if the pi handler returns.
842
843 244 phx10248
844 the bills should show the actual dates of the billing period, rather
845 than some values which more-or-less indicate the first and last use of
846 the project within a billing period. It might be useful to DEFINITELY
847 calculate those values too.
848
849 243 phx05916
850 There should be a good interface for controlling message coordinator
851 terminal output
852
853 240 phx06594
854 sweep accumulates space used figures for zero quota accounts if a
855 directory has one but not both segment and directory quota.
856
857 232 phx00617
858 as_meter_ computes some meters incorrectly.
859
860 226 phx10082
861 dialup_ fumbles trm_ response, other wakeups
862
863 212 phx09391
864 Absentee jobs terminated because max. CPU time is exceeded do not have
865 their 'finish' handlers executed. Same for command environment
866 re-entry.
867
868 202 phx05894
869 AS should do a number of resetreads: before answerback, after bad login
870 word, etc.
871
872 197 phx07557
873 daemon login does not honour -ns. Actually it does not report that
874 access prohibits use of -ns.
875
876 181 phx08314
877 The 'load control group full' message prints even if -force is given.
878
879 177 phx06103
880 new_proc does not reset all terminal modes.
881
882 146 phx06661
883 Shifts >4 cause ed_mgt to fail.
884
885 144 phx06524
886 Initialization should be retryable after failure.
887
888 142 phx07052
889 Some modules are missing syserr message documentation operator error
890 message documentation.
891
892 140 phx06545
893 Some messages from daemon_user_manager_ are improperly split when they
894 are too long for one log entry.
895
896 130 phx05583
897 Foreground absentee count can be inaccurate while absentee_user_manager_
898 is running.
899
900 128 phx01993
901 warn uses tty_write_force which can crash system if over-used.
902
903 115 phx02738
904 x repair should check its arguments more carefully.
905
906 108 phx02237
907 delete_proj never cleans up deleted projects.
908
909 101 phx04353 phx04502 phx04353 phx05755 phx06168 phx07280
910 The messages sent to users when another instance logs in are not
911 handled properly. Some way to notify the current user reliably without
912 disturbing what he is doing needs to be designed.
913
914 91 phx04853
915 There are race conditions in the process preservation mechanism.
916
917 82 phx03997
918 FG absentee jobs waiting on resources will sometimes not be checked
919 often enough.
920
921 63 phx05545
922 Changes in quota structure between the diskreport and the bill accept
923 can cause storage to be charged twice.
924
925 61 phx05452
926 The answer table lock is sometimes left set, requiring a force_reset to
927 do installs.
928
929 50 phx05278
930 Disconnected processes sometimes get fatal errors on attempts to release
931 through the sus_signal_handler_ frame. Hardcore error 154.
932
933 46 phx04853
934 Process preservation data bases can get into an inconsistent state.
935
936 45 phx04792
937 Error messages can be lost because a resetwrite is done after printing
938 the error message and before returning to the user.
939
940 43 phx04608
941 Proxy absentee jobs are inaccessible to the user on whose behalf they
942 were submitted. Messages for proxy jobs should be sent to proxy user
943 and the submittor.
944
945 42 phx04706
946 Disconnected processes still accept messages.
947
948 37
949
950
951 35 phx04175
952 There is no way to list channels dialed to your process. See AS 089.
953
954 31 phx04017 phx05411 phx06240
955 Bumped absentee jobs are often marked as running in the queues. This
956 may reflect on -restart, as well.
957
958 28 phx03894
959 HELP pre-access request is not documented.
960
961 27
962
963
964 26 phx03553
965 Messages from the AS can be lost if the user does a reset_write.
966
967 25 phx03486
968 edit_proj cannot remove an alias from a project.
969
970 22 phx03291 phx08499
971 mar to a queue with a lower CPU time limit can cause a job to be
972 deferred indefinitely. Action should be if user is using default cpu
973 limit, use default of queue consistent with ear using same and not
974 saying anything about implicit time limit. If not using default cpu
975 limit, should query if new queue has lower limit. Should warn if new
976 queue will never run, as does ear.
977
978 21 phx03154
979 Blast messages are sent to all instances of a user even if a channel is
980 specified.
981
982 20 phx03073
983 There are race conditions allowing a login to get through a stop.
984 dialup_ should stop login/process-creations in progress.
985
986 17
987
988
989 16 phx02805
990 ed_mgt permits a real time work class given 0%. This causes the AS not
991 to initialize.
992
993 14 none
994 RLV full causes system crash.
995
996 13 phx02570 phx07347
997 RQO in >sc1 causes system crash
998
999 12 phx02566
1000 asu_ contains many undocumented error messages.
1001
1002 10 phx02473
1003 ed_mgt cannot report many load control group parameters.
1004
1005 9 phx02431 phx12328
1006 b_and_w fails if last_month.use_totals is a null segment and is much too
1007 gullible in general.
1008
1009 8 none
1010 none
1011
1012 5 phx02336
1013 There is a discrepancy in the treatment of processes not assigned to a
1014 load control group between load_ctl_ and reassign_work_classes_.
1015
1016 4 phx02135
1017 Error messages printed after failure of AS initialization are very
1018 cryptic.
1019
1020 3 phx01536
1021 If a project is delegated to a system administrator or daemon, that user
1022 is given incorrect access to some system segments.