[Info-vax] Problem with Filezilla connecting to OpenVMS

John Reagan xyzzy1959 at gmail.com
Tue Dec 11 14:41:19 EST 2018 

On Tuesday, December 11, 2018 at 1:41:56 PM UTC-5, Dave Froble wrote:
> On 12/11/2018 1:15 PM, Simon Clubley wrote:
> > On 2018-12-11, Dave Froble <davef at tsoft-inc.com> wrote:
> >> On 12/11/2018 8:39 AM, Bill Gunshannon wrote:
> >>> On 12/11/18 8:19 AM, Simon Clubley wrote:
> >>>>
> >>>> BSS could run privileged programs just fine, but BSS, unlike DCL,
> >>>> will never, ever, see the privileges of the program it has just
> >>>> started.
> >>>>
> >>>> The only way for BSS to get privileges is to be run by a privileged
> >>>> user.
> >>>>
> >>>
> >>> Well, it's probably a matter of semantics, but a Unix Shell can be
> >>> made to run  with privilege when started by an ordinary user, but
> >>> that requires using a feature that has been considered dangerous and
> >>> a bad idea (even by the man who created it) for a long time.
> >>>
> >>
> >>   From what you're writing, he still created it.  Then the question
> >> becomes, how many use the capability.  Perhaps security is based upon
> >> usage, regardless of the OS capabilities?
> >>
> >
> > It was a joke David. :-)
> >
> > To enable the option Bill is thinking of, Brian would already need
> > to have root level access.
> >
> > In VMS land, it would be like saying yes, I can write a program as
> > a non-privileged user that runs with full privileges provided you
> > give me the password to SYSTEM and then let me use INSTALL to install
> > my program will full privileges. :-)
> >
> > Simon.
> >
> 
> Our users require SYSLCK.  On VAX it was simple, for me.  On Alpha it 
> was much harder, for me.  Ok, Dave's a dummy.  It was still much harder 
> for me.
> 
> So, there is a UWSS, installed with privs, on every user system.  Can it 
> be a security issue?  I don't know.  I will admit that just about 
> anything could ultimately be a security issue.
> 
> First point, there are users with privs, and they can, and do, install 
> images with privs.  It happens.
> 
> Second point, which you just don't seem to get.  One does what one has 
> to do to get the job done.  Without that, YOU DON'T EXIST!  It's just 
> that simple.
> 
> So, can there be security issues?  Yes, there can, and most likely are. 
>   We do what we can.  Expect more, if you wish to do so.  Doesn't mean 
> you're being rational.  Doesn't mean you're going to get any satisfaction.
> 
> 
> -- 
> David Froble                       Tel: 724-529-0450
> Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
> DFE Ultralights, Inc.
> 170 Grimplin Road
> Vanderbilt, PA  15486

Don't you mean that your APPLICATION requires SYSLCK?

More information about the Info-vax mailing list