[Info-vax] Unexpected DECnet Phase IV functionality with possible captive account implications
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri May 14 13:35:28 EDT 2021
On 2021-05-14, Mark Berryman <mark at theberrymans.com> wrote:
> On 5/14/21 6:37 AM, Simon Clubley wrote:
>> On 2021-05-13, Mark Berryman <mark at theberrymans.com> wrote:
>>> On 5/13/21 11:58 AM, Simon Clubley wrote:
>>>>
>>>> All you have been able to demonstrate is that someone with detailed
>>>> knowledge of VMS (ie: you) and the time to experiment has been able
>>>> to implement something that addresses my concerns, and only by outright
>>>> denying network access to the captive account.
>>>
>>> Wrong. I did not. There was no denying network access whatsoever.
>>
>> Yes, you did Mark. You used the f$mode() technique followed by an
>> explicit logout and that's an outright blocker for the modes you
>> want to deny. I've used the same technique myself in the past for
>> the same reason.
>
> Quoting from my original posting, here are the contents of the captive
> procedure I used:
>
> > $ @ssl111$com:ssl111$cert_tool.com
> > $ logout
>
That's from your first example Mark which also outright denies
access to network mode by means of the logout statement without
even checking any modes.
Your second example, which does use f$mode(), and is a better way
to achieve this, also outright denies access to network mode, but
in a more controlled way.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list