zar@IAGO.CALTECH.EDU (Dan Zirin) (09/30/87)
I found another "bug":
If you have a directory protection set to (RW,RW,R,E) (what I
like to do a lot), and you turn on the security alarm for the
file_access with BYPASS privilege, you will see the alarms go
nuts trying to tell you everyone and their brother is using
BYPASS to access data in the directories they don't have Execute
privilege on the directory.
In reading the manuals regarding protection (many moons ago) I assumed
that if a directory has READ access granted, EXECUTE access is implied.
This doesn't appear to be the case for security alarms, but it does
appear to work in practice.
Is it me or do the rest of you feel READ doesn't imply EXECUTE when
dealing with directory protections? And even if you disagree with my
protection interpretation, why is the F11BXQP (or whatever its called)
grant access to directories with the BYPASS privilege under these
circumstances. And even if F11BXQP needs BYPASS to access the directory,
I'm only interested in user's gaining access with BYPASS, not eXternal
Queue Processors (or whatever XQP stands for). Life's a beach isn't it?
From The Great
Zar