garry@GEOLOGY ("Garry Wiegand ", et al) (02/09/86)
[The previously posted fix to the VMS 4.2 security hole was not complete...
I *hope* this one is!]

Everyone should add the following 2 lines to SYSTARTUP:

    $ SET ACL/OBJ=LOGICAL/ACL=(ID=[*,*],ACCESS=READ) LNM$SYSTEM_TABLE
    $ SET ACL/OBJ=LOGICAL/ACL=(ID=[*,*],ACCESS=READ) LNM$SYSTEM_DIRECTORY

*** Failure to do this will allow anyone who's read the network news ***
*** to do anything they please on your system.                       ***

If there are any groups that *mix* privileged and non-privileged users, the
relevant group tables should be explicitly created and protected in SYSTARTUP
as well. The closest I've been able to come from DCL is:

    $ SET UIC [xxx,0]
    $ CREATE/NAME/EXEC/PAR=LNM$SYSTEM_DIRECTORY /PROTECTION=(S:RWED,O,G:R,W) -
        LNM$GROUP_000xxx
    $ SET ACL/OBJ=LOGICAL/ACL=((ID=[xxx,*],ACCESS=READ),(ID=[*,*],ACCESS=NONE))-
        LNM$GROUP_000xxx

where 'xxx' is the exactly-3-digit group number.

Note: I have not been able to find a way for a non-privileged user to use
ACL's to break a "JOB" or "PROCESS" table --- but it seems like it ought to
be do-able. Anyone know?

This is the third time (at least) this bug has been mentioned on the net --
be nice to your neighboring system gurus -- PASS THE WORD.

garry wiegand
garry%geology@cu-arpa
------