jet@karazm.math.uh.edu (J. Eric Townsend) (10/28/90)
The Len Rose article brings to mind a couple of questions:
1. Is running su(1) on a UNIX machine where you aren't allowed root illegal?
Having owned or managed a UNIX machine for almost 4 years now, it's
second nature for me to su and go do something I can't do as "me". (Like
write files in a directory I don't own.) Quite often, while showing a
fellow student how to do something (but using *MY* account), I try to
copy something into their directory. When I get a fail, I try to su to
root, usually before I remember that I'm not allowed root access on
whatever machine I'm on.
Is this a crime? I'm really not trying to crack root, but it sure
looks that way when I do it once or twice a day. "Whoops, I
accidentally broke into your house. See, I thought I was at my house,
and I've lost my keys, so I was just going to force a window."
(Luckily, I know the administrators, and they believe that I'm not
trying to crack their system. If I wanted to do that, I'd turn
on my parallel webster code... (*))
2. What about using a friend's account with their permission? Obviously
this is not my "property" -- I'm using someone else's allocation of
cycles -- but I do have their permission. Is it still gaining access
to data or information that I don't own? (If someone lets me use
an account on a system that requires a governmental clearance, I
think there could be some problems.)
Anybody have any comments?
(*) -- Various ways to disable or break into a machine via this method
are left as an exercise for the reader.
--
J. Eric Townsend Internet: jet@uh.edu Bitnet: jet@UHOU
Systems Manager - University of Houston Dept. of Mathematics - (713) 749-2120
EastEnders list: eastender@karazm.math.uh.edu
Skate UNIX(r)ehrlich@cs.psu.edu (Dan Ehrlich) (10/30/90)
In article <1990Oct28.000810.12135@lavaca.uh.edu> jet@karazm.math.uh.edu (J. Eric Townsend) writes:
Eric> 2. What about using a friend's account with their permission? Obviously
Eric> this is not my "property" -- I'm using someone else's allocation of
Eric> cycles -- but I do have their permission. Is it still gaining access
Eric> to data or information that I don't own? (If someone lets me use
Eric> an account on a system that requires a governmental clearance, I
Eric> think there could be some problems.)
I know that under Pennsylvania law (at least according to Penn State's legal
counsel) this would be considered an illegal act. The law prohibts the
'publication' of passwords. Also, it is not clear that your friend has been
granted the authority, by the owner of the computer system, to allow you to
use their account.
--
Dan Ehrlich - Sr. Systems Programmer - Penn State Computer Science
<ehrlich@cs.psu.edu>/Voice: +1 814 863 1142/FAX: +1 814 865 3176