MCKEEVER@UMKCVAX2.BITNET.UUCP (06/19/87)
I think I may have discovered a way for those sites who have not received the patch from DEC yet to know if their users are taking advantage of the security hole. From an account with SECURITY priv. type in the command (interactively, and then put it in your SYSTARTUP): $ SET AUDIT/ALARM/ENABLE=(AUTH,ACL) What this does is tell you when the SYSUAF.DAT or the RIGHTSLIST.DAT are modified by issuing an OPCOM message to every terminal enabled with security as well as logging it to the console and the OPERATOR.LOG. If the system manager is careful about who he or she gives SECURITY to, this cannot be disabled without setting off the alarm at least once. This won't plug the hole, but it should tell you who has been poking around. And if you're QUICK, you could disuser the perpetrator before they can do any damage. The drawback to this is that before you modify SYSUAF you must turn off the alarm with: $ SET AUDIT/ALARM/DISABLE=(AUTH,ACL) Otherwise, sitting next to the console can be a bit un-nerving. With the alarm on, you are also notified of any password changes that people make since it requires modification of SYSUAF. I'm not sure if this will work since I've already applied the patch. But if someone out there has a program that takes advantage of the bug, and hasn't applied the patch yet, I'm sure there are a lot of people who would be anxious to know whether the little alarm does go off. If it does, maybe it would give system managers who haven't received or applied the patch yet a little peace of mind. If it's not already too late. ------------------------------------------------------------------------- UMU UMUMUMUMUM UMU UMUMUMUMUM Brian McKeever UMU UMUMUMUMUM UMU UMUMUMUMUM University of Missouri Kansas City U UM U Computer Science U UM UM UM 4747 Building Rm. 219 UMUMUMUM UMUM UMUM 5100 RockHill Rd. UMUMUMUM UMUM UMUM Kansas City, MO 64110 UMUMUMUM UMUM UMUM BITNET: MCKEEVER@UMKCVAX1 UMUMUMUM UMUM UMUM -------------------------------------------------------------------------