T.R | Title | User | Personal Name | Date | Lines |
---|
269.1 | | VWSENG::KLEINSORGE | Toys 'R' Us | Wed Feb 22 1989 10:23 | 5 |
|
Adding that feature sounds like a real security hole to me the way
the pause feature is implemented!
|
269.2 | | QUARK::LIONEL | Ad Astra | Wed Feb 22 1989 10:31 | 7 |
| I've wished for this feature too. What I'd like is a resource name that, if
set, specifies a temporary process name for the session manager while the
workstation is paused. I have people frantically trying to PHONE me at
night, thinking I'm working, because they see the sessions logged in.
Steve
|
269.3 | is this a good thing anyway? | HIBOB::VANLAANEN | John VanLaanen CXO1-1/P26, dtn 522-2310 | Wed Feb 22 1989 15:55 | 8 |
| re .1 I agree, depending on just a process name isn't security at all,
but it's better than nothing. Having something that was secure
would be infinitely preferable.
A more general question: Is pausing a session overnight ( especially
by a priv'd user ) a significant security risk? Should we 'encourage'
our users not to do this?
|
269.4 | | ATSE::DAVIDSON | | Wed Feb 22 1989 17:44 | 12 |
| re .3
I'd say if you have lost physical security of your hardware you
might as well give up. Having a long enough password should keep
someone from just walking up and using your system but if they know
how to press the halt button you have lost the world anyway if it
is a standalone machine. If it's in a LAVC then you should not
allow conv_boot and that will make the system useless if someone
just halts it.
Sean
|
269.5 | | VWSENG::KLEINSORGE | Toys 'R' Us | Thu Feb 23 1989 10:43 | 7 |
|
I repeat, adding this is a gaping and huge security hole. And if
you can't figure out *why* then I'll wait for the feature and break
into *your* account.
|
269.6 | | PSW::WINALSKI | Paul S. Winalski | Thu Feb 23 1989 17:14 | 10 |
| A program that can talk to the server can tell if the session is paused by
locating the session manager's pause window and seeing if it is mapped and
visible. This is how my modified fish and kaleidoscope programs implement the
-p (draw into the session manager's pause window) and -h (hibernate when the
session is paused) options.
I fail to see how this constitutes a security hole of any sort.
--PSW
|
269.7 | Cost Center manager's problem not the system manager's | TOHOKU::TAYLOR | | Mon Feb 27 1989 12:08 | 15 |
|
re: .0 no way for the system manager to tell if it is paused or
not ( i.e. security paranoia ).
I can only assume that you have either chained your system manager
to a desk or that you physically secured the workstations from
access.
Leaving terminals, and now workstations, active is a people
problem best solved by having someone walk around and see who is
leaving their terminals active and then taking the appropriate
"educational" actions.
mike
|
269.8 | Can PAUSE be disabled? | TFH::MCGUIRE | Software Driven | Mon Feb 27 1989 16:28 | 13 |
| On a different but related topic:
Is there any way to DISABLE the pause session feature for all
users?
( Our problem is we have several users who 'reserve' common-use
work-stations by logging in and entering 'pause' mode while
at lunch, meetings, etc. )
-Gerry
|
269.9 | | KONING::KONING | NI1D @FN42eq | Mon Feb 27 1989 17:07 | 6 |
| The Reboot button would take appropriate care of such people. (Or you might
try typing random passwords a lot of times and letting breakin evasion
disable their account...)
paul
|
269.10 | Try *PauseButton.sensitive: False | MCNALY::MILLER | Bush For President...Kate Bush! | Mon Feb 27 1989 17:17 | 11 |
| or something like it...I haven't tried it but I used to have the following to
disable VUE (*before* VUE got so good ;) because I kept accidentally bringing
up VUE when I really wanted another DECterm:
*VueButton.sensitive: False
(in decw$xdefaults.dat)
Regards,
== ken miller ==
|