[Info-vax] Why is INSTALL.EXE privileged?
Peter 'EPLAN' LANGSTOEGER
peter at langstoeger.at
Sat Feb 12 20:07:39 EST 2011
In article <00AAAE70.CAC7E498 at SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
>I've never enabled FINGER. I thought it was a stupid feature when I worked
>in the DoD labs and I still do.
Is the FINGER client image only installed with privs if you enabled
the finger client? Then this is (almost) a non issue, as I don't know
anyone who has FINGER enabled. But I should check this myself...
>However, a poorly written application that
>is installed on VMS is not a VMS weakness
But it is a TCPIP weakness, and TCPIP is from VMS/TCPIP engineering
of HPQ (and you nowadays barely find a system without TCP/IP) and so
has a valid point.
> and these jokers who could barely
>spell VMS if you spotted them the V and the M never made that point clear.
Yup, but don't shoot the messengers
>
>>>Anyway, the so-called CLI bug, which was in SMG, has been patched.
>>
>>Anyway, I still don't understand why images destined for system managers
>>are installed with system privileges, so that normal users can use them
>>as well (only sometimes intentionally - for a subset of the functions)...
>
>I don't know that either. Save that it does permit Joe Average to have
>a look-see at what is or is not installed.
and hackers as to what images to attack (as also told in the video)...
--
Peter "EPLAN" LANGSTÖGER
Network and OpenVMS system specialist
E-mail Peter at LANGSTOeGER.at
A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist
More information about the Info-vax
mailing list