[Info-vax] Why is INSTALL.EXE privileged?
Peter 'EPLAN' LANGSTOEGER
peter at langstoeger.at
Sat Feb 12 17:04:41 EST 2011
In article <00AAAE54.CC4D0B43 at SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
>In article <4d56c01b$1 at news.langstoeger.at>, peter at langstoeger.at (Peter 'EPLAN' LANGSTOeGER) writes:
>>The nice (youtube) video on openvmshobbyist.org reminded me of a question I
>>had (in the 80s and) long forgotten:
>
>Yawn! I'm still not convinced that these guys found these vulnerabilities
>without someone pointing them out to them. They're clearly uninitiated on
>VMS and the way they go about some of this is ridiculous.
But they finally succeeded. So imagine a VMS-initiated bad guy...
I still don't fully understand how they succeeded with the finger client.
Maybe I'll sometime temporarily switch to UCX and start to try it myself.
Btw: No, TCPWARE:FINGER.EXE isn't required to be installed with privs
(but you need the finger server enabled/started to have it working)
>Anyway, the so-called CLI bug, which was in SMG, has been patched.
Anyway, I still don't understand why images destined for system managers
are installed with system privileges, so that normal users can use them
as well (only sometimes intentionally - for a subset of the functions)...
--
Peter "EPLAN" LANGSTÖGER
Network and OpenVMS system specialist
E-mail Peter at LANGSTOeGER.at
A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist