SMH1420@TAMVENUS.BITNET.UUCP (12/12/86)
> Also, what are the disadvantages (system security wise) of Virtual terminals?

Many people have asked the same question about the security disadvantages of virtual terminals. Since the only way to re-connect to a disconnected terminal is to have the correct username/password or suitable privileges (I believe that CMEXEC would be required - to modify the process header UIC or USERNAME fields), the level of security on your system should be the same as if you did not use virtual terminals.

The only possible exception I can think of would be, for example, if someone had removed some level of security within a login, disconnected, and then someone else re-connected (for instance: Top Dog opens classified file after decrypting with VAX ENCRYPTION and then disconnects. Later his secretary [with his password] reconnects and may view the file because he did not re-encrypt).

Virtual terminals can be a nice feature of VMS, but can also be easily used improperly. If you set the default timeout in sysgen to longer than 15 min (TTY_TIMEOUT = 900 seconds) you may end up with many disconnected processes on your system. A solution (if you wanted longer disconnect time - or only certain users to access virtual terminals) would be to enable virtual terminals, and then SET TERMINAL/NODISCONNECT on terminals you want to exclude from virtual terminal capability (there are other ways to do this also, e.g. TTY_DEFCHAR in sysgen etc...).

Steve Hicks
SMH1420@TAMVENUS.BITNET
carl@CITHEX.CALTECH.EDU.UUCP (12/15/86)
No! You are WRONG. There is one MAJOR disadvantage to system security in using virtual terminals, viz.: if a job is logged in on a virtual terminal, the accounting information for that job always points to the virtual terminal, not to the physical terminal (anybody from DEC listening?). Without the pointer to the physical terminal, it is difficult (if not impossible) to figure out where attacks that succeed in logging in are coming from.