smith%eri.DECnet@MGHCCC.HARVARD.EDU ("ERI::SMITH") (09/03/87)
We wanted to put security alarms on file access by means of the BYPASS privilege. When we tried, we were unpleasantly surprised to discover that a commercial word-processing package, Word-11 by Data Processing Design, routinely makes use of BYPASS in normal operation. This is not mentioned in their system managers' guide, nor is it immediately obvious (they tell you to run a .COM file that installs a number of things with CMEXEC privilege, but BYPASS is not spelled out anywhere). I'd like some reaction from netland about this. We're not very concerned with security, so our immediate response is not to monitor BYPASS, but I'd like to know if I'm being fair in regarding this as shoddy practice on DPD's part. I complained about this about a year ago, in version 4.0. Version 4.1, released a few months ago, still uses BYPASS. As they did a year ago, they vaguely suggest they might change this in the next release. Their explanation is that it shouldn't bother us because Word-11 only uses BYPASS for a short time. Apparently it does this in order to avoid a possible error message while attempting to gain access to a file it needs, probably the database file in which it stores information about users, print queues, etc. If I'm right in thinking this is a fairly bad thing for Word-11 to be doing, I want to let other Word-11 users know about it so we can inundate them with enough complaints to GET it fixed in the NEXT release. On the other hand, if the general opinion is that it's no big deal I'll shut up about it. -------------------------------------------------------------------- Daniel P. B. Smith ARPA: smith%eri.decnet@mghccc.harvard.edu Eye Research Institute CompuServe: 74706,661 20 Staniford Street Telephone (voice): 617 742-3140 Boston, MA 02114 -------------------------------------------------------------------- "We are in great haste to construct a magnetic telegraph from Maine to Texas; but Maine and Texas, it may be, have nothing important to communicate."--Thoreau ------
CP.PAVER@MCC.COM (Bob Paver) (09/04/87)
Give 'em hell! No "commercial" software should run with BYPASS. Certainly not without telling you. There has to be at least a few ways to avoid the need for BYPASS. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Bob Paver (512) 338-3316 Microelectronics and Computer Technology Corp. (MCC) 3500 West Balcones Center Drive Austin, TX 78759 ARPA: paver@mcc.com UUCP: {ihnp4,seismo,harvard,gatech}!ut-sally!im4u!milanoarent885y bed w