[comp.os.vms] Fun with alarms...

XRJJM%SCINT.SPAN@STAR.STANFORD.EDU (09/04/87)

Comment:   Begin User Supplied Mail Headers.
*Site:     NASA Goddard Space Flight Center - Greenbelt, Maryland, USA.
*Position: 76 Deg. 52' 28.5" West, 38 Deg. 59' 59.8" North.
*From:     John J. McMahon, Systems Programmer, STX - ST Systems Corporation.
*Project:  COBE Science Data Room (CSDR), Code 401.1
*Reply-To: (Arpa-Internet)       XRJJM%SCINT.SPAN@VLSI.JPL.NASA.GOV
*Reply-To: (Arpa-Internet)       XRJJM%SCINT.SPAN@STAR.STANFORD.EDU
*Reply-To: (Bitnet)              FASTEDDY@IAFBIT
*Reply-To: (Span/Physnet/Hepnet) 6182::XRJJM = SCINT::XRJJM (Node 6.38)
*Reply-To: (Span/Physnet/Hepnet) 6173::XRJJM =  CSDR::XRJJM (Node 6.29)
*Reply-To: (TEXnet)              UTADNX::UTSPAN::SCINT::XRJJM

X> We wanted to put security alarms on file access by means of the BYPASS
X> privilege.  When we tried, we were unpleasantly surprised to discover
X> that a commercial word-processing package, Word-11 by Data Processing 
X> Design, routinely makes use of BYPASS in normal operation.  This is
X> not mentioned in their system managers' guide, nor is it immediately
X> obvious (they tell you to run a .COM file that installs a number of
X> things with CMEXEC privilege, but BYPASS is not spelled out anywhere).
X> 
X> --------------------------------------------------------------------
X> Daniel P. B. Smith         ARPA: smith%eri.decnet@mghccc.harvard.edu

   This brings up a couple of points about privilege that I'm not sure
people are aware of, and an annoying problem with using certain alarm
combinations.

   The problem is that CMEXEC is one of those class 'ALL'
privileges, which in my understanding means, if you've got one (like CMEXEC),
you can get the others.  The programming may be a pain (in some cases), but 
you can get the others.  This seems to be what Word-11 does: it uses CMEXEC 
to get BYPASS. Sneaky, very sneaky.  I think they should have warned you 
about that, or told you to install it with CMEXEC and BYPASS.  Among other 
things, it makes you wonder if it isn't invoking CMKRNL, or SECURITY, 
or LOG_IO somewhere in the code.

   Another question would be, why use BYPASS to get to a reference file?
Why not use ACLs?  I've never seen Word-11, so if there is a reason
why this is a problem, let me know.

   The annoying problem is the fact that the Alarm routines are fairly dumb;
what I mean is that they report any use of a privilege.  Some of them I
would rather filter out, like when my INFO-VAX mail arrives and I get 
a SYSPRV alarm when MAIL writes to my mail file.  Similar problems occur
with other images, et al.  I realize there are several cases where 
I could shoot myself in the foot with this idea, but how many pages
of useless alarms have you read through trying to find a valid security
breach?

   I realize this isn't a secure list, and comments have been made in the past
about "Please don't say that on an open mailing list", especially regarding
security.  However, if you have complaints with my comments due to security
considerations, please contact me directly.  I do not think Info-Vax is a good
forum for personal comments.

Regards...  Enjoy the Labor Day Holiday (For those of you in the US),
^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v
John J. McMahon (Fast-Eddie)                     
Disclaimer: Views expressed in this letter are my own, 
            and are not meant to represent the views of my employers.
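
Added example (not part of the original post): one way to do the alarm filtering the post wishes for, as an after-the-fact triage over exported alarm records. The record layout, the image and file names, and the Word-11 image placeholder are all constructed for illustration and are not the real VMS alarm format. A rule suppresses an alarm only when image, privilege and object all match, so MAIL using SYSPRV on anything other than a mail file still surfaces.

```python
import re
from collections import Counter

# Constructed, simplified records: (image, privilege used, object accessed).
# NOT the real VMS alarm layout; every name below is illustrative.
ALARMS = [
    ("SYS$SYSTEM:MAIL.EXE", "SYSPRV", "DISK$USER:[JONES]MAIL.MAI"),
    ("SYS$SYSTEM:MAIL.EXE", "SYSPRV", "DISK$USER:[SMITH]MAIL.MAI"),
    ("SYS$SYSTEM:MAIL.EXE", "SYSPRV", "SYS$SYSTEM:SYSUAF.DAT"),
    ("WP$IMAGE_PLACEHOLDER.EXE", "BYPASS", "DISK$WP:[REF]REFERENCE.DAT"),
]

# Expected privilege uses. All three fields must match; '*' is the only
# wildcard, so a rule cannot accidentally hide a different object.
EXPECTED = [
    ("SYS$SYSTEM:MAIL.EXE", "SYSPRV", "DISK$USER:[*]MAIL.MAI"),
]


def _matches(pattern, value):
    # Escape everything (VMS paths contain $, [, ] and .), then re-enable '*'.
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, value) is not None


def triage(alarms, expected):
    """Return (alarms needing review, Counter of suppressed alarms per rule)."""
    review, suppressed = [], Counter()
    for alarm in alarms:
        rule = next((r for r in expected
                     if all(_matches(p, v) for p, v in zip(r, alarm))), None)
        if rule is None:
            review.append(alarm)
        else:
            # Keep a count so a sudden jump in "expected" alarms is visible.
            suppressed[rule] += 1
    return review, suppressed


if __name__ == "__main__":
    review, suppressed = triage(ALARMS, EXPECTED)
    for alarm in review:
        print("REVIEW    ", alarm)
    for rule, count in suppressed.items():
        print("suppressed", count, rule)
```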