Skip to main content

This is documentation for Caché & Ensemble. See the InterSystems IRIS version of this content.

For information on migrating to InterSystems IRIS, see Why Migrate to InterSystems IRIS?

The Secure Debug Shell

The Secure Debug Shell

Caché includes the ability to suspend a routine and enter a shell that supports full debugging capabilities (as described in the “Command-line Routine Debugging” chapter of Using Caché ObjectScript). Caché also includes a secure debug shell, which has the advantage of ensuring that users are prevented from exceeding or circumventing their assigned privileges.

The secure debug shell helps better control access to sensitive data. It is an environment that allows users to perform basic debugging, such as stepping and displaying variables, but does not allow them to do anything that changes the execution path or results of a routine. This protects against access that can lead to issues such as manipulation, malicious role escalation, and the injection of code to run with higher privileges.

The secure debug shell starts when a Break command is executed, a breakpoint or watchpoint is encountered, or an uncaught error is issued.

Within the secure debug shell, the user cannot invoke:

  • Any command that can modify a variable.

  • Any function that can modify a variable.

  • Any command that can call other routines.

  • Any command that affects the flow of the routine or the environment.

For a detailed list of command, function, and object construct restrictions, refer to Secure Debug Shell in the “Command-line Routine Debugging” chapter of Using Caché ObjectScript.

Within the secure debug shell, when a user attempts to invoke a restricted command or function, Caché throws a <COMMAND> or <FUNCTION> error, respectively.

Enabling Use of the Secure Shell

By default, users at the debug prompt maintain their current level of privileges. To enable the secure shell for the debug prompt and thereby restrict the commands that the user may issue, the user must hold the %Secure_Break:Use privilege (the Use permission for the %Secure_Break resource). To give a user this privilege, make the user a member of a role which includes the %Secure_Break:Use privilege, such as the predefined %SecureBreak role.