[Info-vax] purging another user's mail from a semi-privileged account
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Apr 5 12:04:32 EDT 2013
On 2013-04-05 15:35:45 +0000, Phillip Helbig---undress to reply said:
> Is this expected or surprising?
Given the choice is either "massive security hole" or
"misunderstanding", this is very likely expected behavior for the
configuration.
It's reasonable to suspect that there was probably at least group write
access available to the target directories, and READALL gave the access
to the protected files.
The accessor having system privileges — a system-group UIC — is
certainly also within the realm here, given what (wasn't) shown.
Though rare, ACLs can be involved in these "apparent-oddity" cases
involving security, too.
You will need to review the security with DIRECTORY /SECURITY commands
on the files and directories, and can enable and use the file access
and use of privileges security alarms (or audits) to see exactly what
happened here.
While there are a few tools that do, it's rare for an OpenVMS tool to
use SETPRV of its own volition, and certainly easy enough to spot with
the use-of-privileges alarms or audits.
DYODD, with auditing or alarms, and with the related settings.
--
Pure Personal Opinion | HoffmanLabs LLC