[mod.computers.vax] Installed DEC images

MCDONALD@UMKCVAX1.BITNET (02/20/86)

VAX people,

  The recent DISKQUOTA info from oz brings up a more general question.
Why do system things like AUTHORIZE, INSTALL, etc. need to be INSTALLed
at all?  Are there shops where they are in that much use??  And why do
they give important files like these w:re protection??

                                        -GaryM. BITNET contact UMKCVAXn (n=1,3)
                                        Univ. of Mo. at K.C.

garry@TCGOULD.TN.CORNELL.EDU (Garry Wiegand) (02/24/86)

In a recent article MCDONALD@UMKCVAX1.BITNET wrote:
>  The recent DISKQUOTA info from oz brings up a more general question.
>Why do system things like AUTHORIZE, INSTALL, etc. need to be INSTALLed
>at all?  Are there shops where they are in that much use??  And why do
>they give important files like these w:re protection??

[Here there be VMS internals!  Long!  Use your 'n' key now!]

They must do the proper privilege checking inside... the only 
reasons on VMS to read-protect an executable image are to prevent 
people from a) decoding the machine-instructions (getting a copy 
of the fiche is much easier), or b) liberating something proprietary
from your machine. 

I suspect the Installed "CMKRNL" is needed so the programs can
sound security alarms even if the caller is not privileged. 

[flame on]
"Security alarms" against privileged users -- on things like
Install and Authorize -- are a pure joke. If you've got enough
privileges to be really Installing or Authorizing, then it's
trivial (more or less) to invisibly circumvent/disable any alarms
in the way.

I wish DEC had spent their time doing something more profitable 
for us...

Simple Example 1:

    Ever do an OPEN directly from DCL on SYSUAF.DAT?...
    so have many other people. No "Authorize" alarm will occur --
    only the much vaguer "Sysprv" alarm (if it's enabled at all). 


Simple Example 2:

    You must *normally* have CMKRNL turned on to Install 
    something. If you've already got Cmkrnl, just run a program
    which a) changes to kernel, b) makes alarms vanish from the 
    world, and then c) gives you whatever you need.


I offer these "tricks" purely for illustration -- my point is 
that if you are dealing with technically competent people, then 
the "Guide to Security Management" is just marketing hype, and
you must remain as humanly vigilant as always.  

Final caveat: if you are dealing with amateurs, then security
features such as the "breakin" alarm and non-English passwords
*do* have a little value. But if you're a university, like us,
those things just become a good way to annoy everyone. 


garry wiegand
garry%geology@cu-arpa.cs.cornell.edu.arpa