[Info-vax] purging another user's mail from a semi-priviledged account
Phillip Helbig---undress to reply
helbig at astro.multiCLOTHESvax.de
Sat Apr 6 03:49:37 EDT 2013
In article <kjmshs$lkh$1 at dont-email.me>, Stephen Hoffman
<seaohveh at hoffmanlabs.invalid> writes:
> It's reasonable to suspect that there was probably at least group write
> access available to the target directories, and READALL gave the access
> to the protected files.
No group, but system write access.
> The accessor having system privileges, system-group UIC is
> certainly also within the realm here, given what (wasn't) shown.
Right; that was it, [1,5],
> While there are a few tools that do, it's rare for an OpenVMS tool to
> use SETPRV of its own volition, and certainly easy enough to spot with
> the use-of-privileges alarms or audits.
I remember one, in a previous version of VMS, which not only set some
privs but didn't remove them when complete.
More information about the Info-vax
mailing list