jet@karazm.math.uh.edu (J. Eric Townsend) (10/28/90)
The Len Rose article brings to mind a couple of questions: 1. Is running su(1) on a UNIX machine where you aren't allowed root illegal? Having owned or managed a UNIX machine for almost 4 years now, it's second nature for me to su and go do something I can't do as "me". (Like write files in a directory I don't own.) Quite often, while showing a fellow student how to do something (but using *MY* account), I try to copy something into their directory. When I get a fail, I try to su to root, usually before I remember that I'm not allowed root access on whatever machine I'm on. Is this a crime? I'm really not trying to crack root, but it sure looks that way when I do it once or twice a day. "Whoops, I accidentally broke into your house. See, I thought I was at my house, and I've lost my keys, so I was just going to force a window." (Luckily, I know the administrators, and they believe that I'm not trying to crack their system. If I wanted to do that, I'd turn on my parallel webster code... (*)) 2. What about using a friend's account with their permission? Obviously this is not my "property" -- I'm using someone else's allocation of cycles -- but I do have their permission. Is it still gaining access to data or information that I don't own? (If someone lets me use an account on a system that requires a governmental clearance, I think there could be some problems.) Anybody have any comments? (*) -- Various ways to disable or break into a machine via this method are left as an exercise for the reader. -- J. Eric Townsend Internet: jet@uh.edu Bitnet: jet@UHOU Systems Manager - University of Houston Dept. of Mathematics - (713) 749-2120 EastEnders list: eastender@karazm.math.uh.edu Skate UNIX(r)
ehrlich@cs.psu.edu (Dan Ehrlich) (10/30/90)
In article <1990Oct28.000810.12135@lavaca.uh.edu> jet@karazm.math.uh.edu (J. Eric Townsend) writes:
Eric> 2. What about using a friend's account with their permission? Obviously
Eric> this is not my "property" -- I'm using someone else's allocation of
Eric> cycles -- but I do have their permission. Is it still gaining access
Eric> to data or information that I don't own? (If someone lets me use
Eric> an account on a system that requires a governmental clearance, I
Eric> think there could be some problems.)
I know that under Pennsylvania law (at least according to Penn State's legal
counsel) this would be considered an illegal act. The law prohibts the
'publication' of passwords. Also, it is not clear that your friend has been
granted the authority, by the owner of the computer system, to allow you to
use their account.
--
Dan Ehrlich - Sr. Systems Programmer - Penn State Computer Science
<ehrlich@cs.psu.edu>/Voice: +1 814 863 1142/FAX: +1 814 865 3176