Subject: | |
From: | Peter Edward Popovich <POPOVICH@UCF1VM> |
Reply To: | Revised LISTSERV forum <LSTSRV-L@CEARN> |
Date: | Mon, 18 Sep 89 05:38:43 EST |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Mon, 18 Sep 89 01:18:00 PDT Leonard D Woren said:
>If the problem was caused by an unprivileged user on the system, then
>get the vendor to fix the system. If the vendor can't/won't, then get
>a real O.S. -- one which can protect itself from malicious users. (Of
>course, this requires that the systems programmers and admininstrators
>_use_ the security features in the system.) If the hackers got in by
>guessing passwords to privileged userids, I'd say there's an
>administrative problem at the site, *not* at the place that provides
>various tools.
I concur, with reservations. The programs in question were ones that
'...changed memory...' (I assume IBM VM), but CP won't let a standard
(Class G only user) change real memory. So (unless CP was't doing its
job -- in this case the NAD should get IBM to fix it) the account must
have had special privs. In this case, the NAD shouldn't let anyone who
isn't trustworthy get ahold of an account with these kind of privs.
(Actually, the effects of most system programs can be simulated by
direct CP commands... If the user was gonna mess up the system, he
didn't need the programs. CP and a Manual would have been all he
needed.)
Peter E. Popovich
Disclaimer -- My employers only laugh at me when I talk like this...
|
|
|