[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | -={ H A C K E R S }=- |
| Notice: | Write locked - see NOTED::HACKERS |
| Moderator: | DIEHRD::MORRIS |
|
| Created: | Thu Feb 20 1986 |
| Last Modified: | Mon Aug 03 1992 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 680 |
| Total number of notes: | 5456 |
Here's a hack that seems to be a minor security hole.
I'll illustrate it by a technical riddle:
Q: Without knowing any passwords on node STAR::, how could you find
out the logical name definition for SYS$SYSTEM on STAR:: ?
A:
$ MAIL NL: STAR::SYS$SYSTEM
Try it !
I call it "minor", because I can't think of any mischief one can do merely
by knowing the definition of logical names.
On the other hand, if some logical name happened to point to a world-readable
directory, then perhaps . . .
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 112.1 | | ZEPPO::BANCROFT | | Tue Jun 04 1985 14:37 | 6 |
| The command
DIR nodename::
will give you the diskname of the DECnert default account.
I use the command as the shortest way I know to see if a
node is reachable.
phil Bancroft
|
| 112.2 | | EDSVAX::CRESSEY | | Wed Jun 05 1985 13:40 | 8 |
| I don't think that you have discovered an unitended hole.
The DECnet account has always been intended as a 'porthole'
by which folks on the Net can look at a system. Managing
the access rights of the DECNET account is a critical bit of
system management.
Dave
|
| 112.3 | | TOPCAT::GEISENHAINER | | Thu Apr 17 1986 18:10 | 1 |
| y~
|