[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

1364.0. "Protection on MFD and ALL-IN-1 Image" by MIMS::BEKELE_D (My Opinions are MINE, MINE, all MINE!) Fri Sep 04 1992 17:53

    Hello,
    
    Would appreciate an explanation for the following behavior:
    
    > the "world" has no access to the 000000.dir file where
      user's ALL-IN-1 directory resides on,
    > when the user logs into ALL-IN-1 for the first time after 
      logging to VMS, user gets protection error on ACTITEM.DAT,
    > user exits ALL-IN-1 (in and out) and gets back into ALL-IN-1
      no protection error on ACTITEM.DAt is generated.
    
    Where does the user's process get the necessary privilege to 
    not generate the error? 
    
    Thanks!
    Dan
    
    note: when the "world" has "execute" protection on 000000.dir
          the above behavior is not noticed.
T.RTitleUserPersonal
Name		DateLines
1364.1VMS 'feature' ...AIMTEC::VOLLER_IGordon (T) Gopher for PresidentFri Sep 04 1992 18:1416
    Dan,
    
    	Once a file has been successfully accessed by VMS (via ALL-IN-1
    	privileges for example) then information about the file (File Id
    	etc) is cached by the file system.
    
    	Subsequent accesses of the file are able to bypass the normal
    	security checks of each intervening directory file (as if the
    	file was accessed directly by File Id). 
    
    	In this case the only security check is on the file itself. In
    	the example you have given than VMS is correct to allow access.
    
    Cheers,
    
    Iain.
1364.2Not considered a security problem by VMSIOSG::TALLETTArranging bits for a living...Mon Sep 14 1992 10:3610
    
    	This has been discussed a lot in more VMS specific notesfiles
    	and is NOT considered a security problem. In short, the official
    	line is that you should not try to protect files by protecting
    	the directories they belong to, as anyone can access the file
    	by file-id and bypass the directory completely. The only safe way
    	to protect a file is to protect it, not its directory.
    
    Regards,
    Paul