XRJJM%SCINT.SPAN@STAR.STANFORD.EDU (09/04/87)
Comment: Begin User Supplied Mail Headers.
*Site: NASA Goddard Space Flight Center - Greenbelt, Maryland, USA.
*Position: 76 Deg. 52' 28.5" West, 38 Deg. 59' 59.8" North.
*From: John J. McMahon, Systems Programmer, STX - ST Systems Corporation.
*Project: COBE Science Data Room (CSDR), Code 401.1
*Reply-To: (Arpa-Internet) XRJJM%SCINT.SPAN@VLSI.JPL.NASA.GOV
*Reply-To: (Arpa-Internet) XRJJM%SCINT.SPAN@STAR.STANFORD.EDU
*Reply-To: (Bitnet) FASTEDDY@IAFBIT
*Reply-To: (Span/Physnet/Hepnet) 6182::XRJJM = SCINT::XRJJM (Node 6.38)
*Reply-To: (Span/Physnet/Hepnet) 6173::XRJJM = CSDR::XRJJM (Node 6.29)
*Reply-To: (TEXnet) UTADNX::UTSPAN::SCINT::XRJJM

X> We wanted to put security alarms on file access by means of the BYPASS
X> privilege. When we tried, we were unpleasantly surprised to discover
X> that a commercial word-processing package, Word-11 by Data Processing
X> Design, routinely makes use of BYPASS in normal operation. This is
X> not mentioned in their system managers' guide, nor is it immediately
X> obvious (they tell you to run a .COM file that installs a number of
X> things with CMEXEC privilege, but BYPASS is not spelled out anywhere).
X>
X> --------------------------------------------------------------------
X> Daniel P. B. Smith ARPA: smith%eri.decnet@mghccc.harvard.edu

This brings up a couple of points about privilege that I'm not sure people are aware of. And an annoying problem with using certain alarm combinations.

The problem is that CMEXEC is one of those class 'ALL' privileges. Which in my understanding means, if you got one (like CMEXEC), you can get the others. The programming may be a pain (in some cases), but you can get the others.

This seems to be what Word-11 does: it uses CMEXEC to get BYPASS. Sneaky, very sneaky. I think they should have warned you about that, or told you to install it with CMEXEC and BYPASS. Among other things, it makes you wonder if it isn't invoking CMKRNL, or SECURITY, or LOG_IO somewhere in the code.

Another question would be, why use BYPASS to get to a reference file? Why not use ACLs? I've never seen Word-11, so if there is a reason why this is a problem, let me know.

The annoying problem is the fact that the Alarm routines are fairly dumb; what I mean is that they report any use of a privilege. Some of them I would rather filter out, like when my INFO-VAX mail arrives and I get a SYSPRV alarm when MAIL writes to my mail file. Similar problems occur with other images, et al. I realize there are several cases where I could shoot myself in the foot with this idea, but how many pages of useless alarms have you read through trying to find a valid security breach?

I realize this isn't a secure list, and comments have been made in the past about "Please don't say that on an open mailing list", especially regarding security. However, if you have complaints with my comments due to security considerations, please contact me directly. I do not think Info-Vax is a good forum for personal comments.

Regards...
Enjoy the Labor Day Holiday (for those of you in the US),

^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v
John J. McMahon (Fast-Eddie)
Disclaimer: Views expressed in this letter are my own, and are not meant to represent the views of my employers.