u-beasth%peruvian.utah.edu@cs.utah.edu (bryant eastham) (05/02/91)
I have noticed an interesting side effect of aliases. Say that I have a PASSWORDED partition on my hard disk (from Silverlining). I mount it and have to type the password. I then create an alias to something on that partition and copy it somewhere else (another partition). Then I throw away the partition that contains the now aliased file. The trash can stays the same, indicating (to me) that it is empty. I open the alias and, what do you know! my partition returns WITHOUT TYPING THE PASSWORD! This seems to be an incredible security hole. The only way to get the partition NOT to come back is to reset the machine (that I know of). Responses? Comments? Is this a 'feature' or a real bug? Bryant Eastham bryant@ced.utah.edu
chuq@Apple.COM (Chuq Von Rospach, only here for the beer) (05/02/91)
u-beasth%peruvian.utah.edu@cs.utah.edu (bryant eastham) writes: > I have noticed an interesting side effect of aliases. Say that I have >a PASSWORDED partition on my hard disk (from Silverlining). I mount it and >have to type the password. I then create an alias to something on that >partition and copy it somewhere else (another partition). >I open the alias and, what >do you know! my partition returns WITHOUT TYPING THE PASSWORD! > This seems to be an incredible security hole. The only way to get the >partition NOT to come back is to reset the machine (that I know of). This sounds like a bug in SilverLining. If you do the same to an Appleshare server, it prompts for passwords. -- Chuq Von Rospach >=< chuq@apple.com >=< GEnie:CHUQ or MAC.BIGOT >=< ALink:CHUQ SFWA Nebula Awards Reports Editor =+= Editor, OtherRealms Book Reviewer, Amazing Stories ---@--- #include <standard/disclaimer.h> Recommended: ORION IN THE DYING TIME Ben Bova (Tor, Aug, ***-); SACRED VISIONS Greeley&Cassutt (Tor, Aug, ****+); MEN AT WORK George Will (****); XENOCIDE Orson Scott Card (August, ****)
brad@aero.org (Bradley A. West) (05/02/91)
In article <52256@apple.Apple.COM> chuq@Apple.COM (Chuq Von Rospach, only here for the beer) writes: >u-beasth%peruvian.utah.edu@cs.utah.edu (bryant eastham) writes: > >> I have noticed an interesting side effect of aliases. Say that I have >>a PASSWORDED partition on my hard disk (from Silverlining). I mount it and >>have to type the password. I then create an alias to something on that >>partition and copy it somewhere else (another partition). > >>I open the alias and, what >>do you know! my partition returns WITHOUT TYPING THE PASSWORD! > >> This seems to be an incredible security hole. The only way to get the >>partition NOT to come back is to reset the machine (that I know of). > >This sounds like a bug in SilverLining. If you do the same to an Appleshare >server, it prompts for passwords. How did you create the alias? If you've got a beta of sys 7, this may be one of the incompatabilities corrected with the new version of Silverlining everyone's been clammering about. Brad
gandalf@apple.com (Martin Gannholm) (05/02/91)
In article <1991May1.203148.27729@aero.org> brad@aero.org (Bradley A. West) writes: > In article <52256@apple.Apple.COM> chuq@Apple.COM (Chuq Von Rospach, only here for the beer) writes: > >u-beasth%peruvian.utah.edu@cs.utah.edu (bryant eastham) writes: > > > >> I have noticed an interesting side effect of aliases. Say that I have > >>a PASSWORDED partition on my hard disk (from Silverlining). I mount it and > >>have to type the password. I then create an alias to something on that > >>partition and copy it somewhere else (another partition). > > > >>I open the alias and, what > >>do you know! my partition returns WITHOUT TYPING THE PASSWORD! > > > >> This seems to be an incredible security hole. The only way to get the > >>partition NOT to come back is to reset the machine (that I know of). > > > >This sounds like a bug in SilverLining. If you do the same to an Appleshare > >server, it prompts for passwords. > > How did you create the alias? If you've got a beta of sys 7, this may > be one of the incompatabilities corrected with the new version of > Silverlining everyone's been clammering about. > This is definitely not the System's fault. In pre-7.0 systems you could for example launch Disk First Aid and click the "Drive" button until all the devices had shown, and then Quit. The passworded partitions would be mounted in the same way that you can now do more easily with aliases. I think any program that scans the drive list and tries to mount a volume in the list would work. NOTE: this only works if the volume has been mounted WITH THE PASSWORD since the last reboot. Martin Exclaimer!!! I never said it...Nobody heard me say it...You can't prove anything!