[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Nov 14 19:33:13 EST 2016
On 2016-11-14 19:30:42 +0000, John Reagan said:
> Did you see Hoff's suggestion that you don't even need your own .CLD?
That, and that this approach is UTTERLY INSECURE?
> - Copy SUBMIT.EXE to SUBMIT_WITH_CMKRNL.EXE
> - Apply sufficient protection/ACLs to SUBMIT_WITH_CMKRNL.EXE
> - Install SUBMIT_WITH_CMKRNL.EXE with CMKRNL
> - Prior to using the SUBMIT command, define a /USER logical SUBMIT to
> point to SUBMIT_WITH_CMKRNL.EXE
> - Use normal SUBMIT command but it will use SUBMIT_WITH_CMKRNL.EXE
> (assuming you have access to the .EXE)
Did I mention that you should just GRANT CMKRNL to EVERYBODY, because
at least that's being honest about the COMPLETE INSECURITY of this
approach?
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list