[Info-vax] Unexpected DECnet Phase IV functionality with possible captive account implications
Arne Vajhøj
arne at vajhoej.dk
Mon May 17 14:51:57 EDT 2021
On 5/14/2021 1:35 PM, Simon Clubley wrote:
> On 2021-05-14, Mark Berryman <mark at theberrymans.com> wrote:
>> On 5/14/21 6:37 AM, Simon Clubley wrote:
>>> On 2021-05-13, Mark Berryman <mark at theberrymans.com> wrote:
>>>> On 5/13/21 11:58 AM, Simon Clubley wrote:
>>>>>
>>>>> All you have been able to demonstrate is that someone with detailed
>>>>> knowledge of VMS (ie: you) and the time to experiment has been able
>>>>> to implement something that addresses my concerns, and only by outright
>>>>> denying network access to the captive account.
>>>>
>>>> Wrong. I did not. There was no denying network access whatsoever.
>>>
>>> Yes, you did Mark. You used the f$mode() technique followed by an
>>> explicit logout and that's an outright blocker for the modes you
>>> want to deny. I've used the same technique myself in the past for
>>> the same reason.
>>
>> Quoting from my original posting, here are the contents of the captive
>> procedure I used:
>>
>>> $ @ssl111$com:ssl111$cert_tool.com
>>> $ logout
>>
>
> That's from your first example Mark which also outright denies
> access to network mode by means of the logout statement without
> even checking any modes.
>
> Your second example, which does use f$mode(), and is a better way
> to achieve this, also outright denies access to network mode, but
> in a more controlled way.
The examples have something in common: they are both shown
in the examples in the manual.
Arne
More information about the Info-vax
mailing list