McGuire_Ed@GRINNELL.MAILNET (03/18/86)
I talked to CSC recently about the ACL hole in logical name table security, and they said that under V4.2 a user gets a privilege violation if she tries to put an ACL on a group table in a different group, so it is only necessary to protect LNM$SYSTEM_TABLE (and that the bug would be fixed in V4.3). But the mail discussing the security problem in this forum indicates that the bug applies to group name tables. What gives? Has anybody actually tried to break group tables under V4.2?
@SNEEZY.UUCP (cmf) (03/23/86)
What CSC told you is true. However, there is another problem. If a group has both privileged and non-privileged users in it, it is possible for a non-privileged user to disrupt a privileged user by placing an ACL on the group logical name table, and then adding logical names such as SYS$SYSTEM: -> SYS$USERDISK:[MYDIR],SYS$SYSROOT:[SYSEXE] and other awful things. If you really intend to be security concious, these are openings you must be aware of, and take steps to close. The only way I know of to fix this is to run a detached process from SYSTARTUP in the given group, which will place the ACL the system manager wants on the table, thus thwarting any further attempts. Carl Fongheiser ...!decvax!cwruecmp!sneezy!cmf cmf%sneezy%case@CSnet-relay.ARPA