Conference bulova::decw_jan-89_to_nov-90

2597.0. "Killing SESMGR opens up PAUSED workstation" by CSC32::T_LONGBOTHAM (Clatu berrada nictu, Gort!) Wed Apr 11 1990 10:37

I have a customer that is unhappy with the fact that when the session
manager is killed that this opens up all windows even though the workstation
had been paused.  In his case, the system manager killed the session manager
so that the UAF could be moved.  He feels that this is something of a security
hole and would like to have me make the developers aware of the situation
and find out if there is anything that can be done.  I pointed out that this
could only be done by a suitably privileged process and that that process
had the system by the throat anyway.  He agreed and was resigned to the
possibility that there might not be anything that could be done but asked
that I make the developers aware of his concerns anyway.  I decided the
best way to do this would be through this notes conference.  Any comments,
ideas, or suggestions would be very much appreciated.

					Regards,
					-Tom

I don't know that there is much to be said or done about this.  The session mgr
is what implements pause.  If you stop it, it goes away.  Pause is essentially
a new feature.  If he wants to get back to the old (and in his opinion more
secure) way of doing business, then he has to tell everyone to log out rather
than pause.

Burns

RE: .0

>In his case, the system manager killed the session manager
>so that the UAF could be moved.

I don't understand why the session manager had to be killed to move the UAF.


Basically, this is a case of "Doctor, it hurts when I shoot myself in the foot."

--PSW