[Info-vax] Why is INSTALL.EXE privileged?
hb
becker.ismaning at freenet.de
Mon Feb 14 04:26:31 EST 2011
On Feb 13, 2:07 am, pe... at langstoeger.at (Peter 'EPLAN' LANGSTOEGER)
wrote:
> In article <00AAAE70.CAC7E... at SendSpamHere.ORG>, VAXman- @SendSpamHere.ORG writes:
> >I've never enabled FINGER. I thought it was a stupid feature when I worked
> >in the DoD labs and I still do.
>
> Is the FINGER client image only installed with privs if you enabled
> the finger client? Then this is (almost) a non issue, as I don't know
> anyone who has FINGER enabled. But I should check this myself...
>
> >However, a poorly written application that
> >is installed on VMS is not a VMS weakness
>
> But it is a TCPIP weakness, and TCPIP is from VMS/TCPIP engineering
> of HPQ (and you nowadays barely find a system without TCP/IP) and so
> has a valid point.
>
> > and these jokers who could barely
> >spell VMS if you spotted them the V and the M never made that point clear.
>
> Yup, but don't shoot the messengers
>
>
>
> >>>Anyway, the so-called CLI bug, which was in SMG, has been patched.
>
> >>Anyway, I still don't understand why images destined for system managers
> >>are installed with system privileges, so that normal users can use them
> >>as well (only sometimes intentionally - for a subset of the functions)...
>
> >I don't know that either. Save that it does permit Joe Average to have
> >a look-see at what is or is not installed.
>
> and hackers as to what images to attack (as also told in the video)...
>
> --
> Peter "EPLAN" LANGSTÖGER
> Network and OpenVMS system specialist
> E-mail Pe... at LANGSTOeGER.at
> A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist
INSTALL LIST/GLOBAL
This command lists internal data structures of global sections an
unprivileged user can create. That's all I can think of, at the
moment. If you don't need that feature you can omit the privileges.
More information about the Info-vax
mailing list