On Tue, 10 Mar 1992 07:26:51 EST Jim Gerland - User Support Services <GERLAND@UBVM> said:

>I think it's time to re-think the 'NAD' only idea. Since most of those
>files require some advanced privilege, what is the concern?

A long time ago, I wrote a program called ACCESS0 to access mode A0 files on a R/O disk. The purpose was to make backups and examine the disks of service machines which use A0 files to store status information.

I made this file available, and about 1 month later, a paper letter from the director of one of the largest computing centres in the country landed on the desk of the director of my computing centre that basically said I was a dangerous criminal helping hackers to crack systems (in nicer words). I assume students retrieved the program and used it to access sensitive data (such as leftover DIRECT files from DIRMAINT on an administrator's 191) that the local systems people, in their incompetence, had thought to be protected by the A0 mode in spite of READ=ALL.

Given that the exposure had always been there, and is documented by IBM, one would have expected a different reaction. But human nature being what it is, a confession of incompetence and carelessness is always hard to swallow, whereas blaming someone for involuntarily helping malicious people is very easy and makes all the people involved (locally) feel good.

From the point of view of "human resources management", I guess it is a good thing: local staff is happy to escape unblamed but feels a bit guilty and will be very careful, knowing that "next time" they *would* be blamed, and the reputation of the computing centre is unblemished - they are the unfortunate victims.

Eric