[Info-vax] Problem with Filezilla connecting to OpenVMS
Dave Froble
davef at tsoft-inc.com
Tue Dec 11 11:27:47 EST 2018
On 12/11/2018 8:39 AM, Bill Gunshannon wrote:
> On 12/11/18 8:19 AM, Simon Clubley wrote:
>> On 2018-12-11, VAXman- @SendSpamHere.ORG <VAXman- at SendSpamHere.ORG>
>> wrote:
>>> In article <punskp$di9$1 at dont-email.me>, Simon Clubley
>>> <clubley at remove_me.eisner.decus.org-Earth.UFP> writes:
>>>> On 2018-12-10, Kerry Main <kemain.nospam at gmail.com> wrote:
>>>>>
>>>>> Having stated this, every platform is different and yes,
>>>>> while some issues are common, many are not.
>>>>>
>>>>
>>>> That's certainly true. For example, VMS has security weaknesses that
>>>> other operating systems do not, such as a privileged shell.
>>>
>>> Other OSs don't have a privileged shell?
>>>
>>
>> No. At least not in the way that VMS has one.
>>
>> On Unix, you can create and use your own shell, Brian's Super Shell
>> (BSS),
>> as a non-privileged user.
>>
>> BSS could run privileged programs just fine, but BSS, unlike DCL,
>> will never, ever, see the privileges of the program it has just
>> started.
>>
>> The only way for BSS to get privileges is to be run by a privileged
>> user.
>>
>
> Well, it's probably a matter of semantics, but a Unix Shell can be
> made to run with privilege when started by an ordinary user, but
> that requires using a feature that has been considered dangerous and
> a bad idea (even by the man who created it) for a long time.
>
> bill
>
From what you're writing, he still created it. Then the question
becomes, how many use the capability. Perhaps security is based upon
usage, regardless of the OS capabilities?
How many WEENDOZE users run with full privs? Even though a WEENDOZE
user can run without, how many WEENDOZE apps require full privs?
Not so black or white, huh?
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list