
Conference iosg::all-in-1_v30

Title:*OLD* ALL-IN-1 (tm) Support Conference
Notice:Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator:IOSG::PYE
Created:Thu Jan 30 1992
Last Modified:Tue Jan 23 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:4343
Total number of notes:18308

2794.0. "Security Question (again)." by KAOFS::R_OBAS () Wed Jun 02 1993 18:09

    
     Hello,
       I read a note way back regarding security in DRM. If a user has
    VMS privs (bypass,sysprv) such user can read mail/documents even if
    this user(s) was not granted access to any drawer(s).
    I had explained to my customer ( I think I gave him a good explanation)
    about giving privs to users. He's not happy. In the past he said this
    was not a problem because there was no DRM in V2.4.
      Does anyone have a better explanation aside from "You do not give
    questionable users these privileges." 
    
     Thanks,
     ricardo
2794.1. "Always could do it" by CHRLIE::HUSTON () Wed Jun 02 1993 18:50  11 lines
    
    If they have bypass and/or sysprv they always could read anything
    they wanted, they simply had to set default to the VMS directory
    then type the files. 
    
    If you can't trust the user, take away the privs, or as Graham put
    it in another note, use the "salary continuation method" (sorry
    if I misquoted you Graham)
    
    --Bob
    

2794.2. "It was in V2.4 under another name" by IOSG::MAURICE (Night rolls in, my dark companion) Wed Jun 02 1993 19:14  5 lines
       And in V2.4 the equivalent functionality was called "NEWDIR"!!
       
       Cheers
       
       Stuart

2794.3. "" by KAOFS::R_OBAS () Wed Jun 02 1993 22:17  8 lines
    re:.1
    
      I believe that is what I said in .0. 
    
       And I agree 100%. If you don't trust the user.... It's one of those
     customers that (I am customer I am right attitude).
    
    t.y.

2794.4. "There is always a way ..." by BRUMMY::MARTIN::BELL (Martin Bell, NTCC, Birmingham UK) Thu Jun 03 1993 08:53  12 lines
Sounds like a wonderful opportunity to sell some consultancy to customise
the DRM forms to do extra checking. If written well then maybe the code
could be made into an ASSET!

Of course, it would be the *System Manager* who makes this code live,
but surely you can trust him/her ;-)

Or maybe if this is a security conscious site, maybe you want to re-classify
the System Management role into an Administrator role and disable interactive
access to the ALLIN1 account?

mb

2794.5. "It's all down to how easy it is to be naughty" by IOSG::SHOVE (Dave Shove -- REO2-G/M6) Thu Jun 03 1993 12:26  10 lines
    While all this is true, there's no doubt that DRM makes it easier for a
    not very skilled manager to see other users' documents.
    
    It does sound as though it might be worth customising DRM, as .4
    suggests. But the customer _must_ be made aware that this would merely
    make it more difficult for the manager to see other users' stuff; it
    would _not_ make it impossible. (Otherwise we could get into trouble
    later).
    
    Dave.

2794.6. "an update" by KAOFS::M_BARNEY (Formerly Ms.Fett) Thu Jun 03 1993 22:05  37 lines
    I've taken on Ricardo's call, and had a long chat with the customer.
    I think we've both been rationalizing "our views" on this and are
    coming from two opposite directions.
    
    My view (with the help of the previous replies here)
    - VMS and most things layered on it are not secure from a 
      privileged user. 
    - As long as the user has sysprv, bypass reading "private" material
      within ALL-IN-1 has always been possible. Newdir in V2.3,V2.4 or
      with DRM in V3.0. 
    - one should not give unsophisticated or untrustworthy users these privs.
    - V3.0 CM has been expanded such that many many applications can be
      developed within the A1 platform, and within its "privilege
      jurisdiction" so that there is little need for these kind of 
      powerful "blanket" vms privs.
    
    Customer's View:
    - VMS privileges granted to users who are working on applications
      totally outside of ALL-IN-1, but need to have access to 
      ALL-IN-1 for communication purposes.
    - Because of DRM it is EASIER for a less-sophisticated user (with
      those privs) to select and read another's mail.
    - Customer's management now has the impression of a less secure
      ALL-IN-1 system than they first imagined it would be.
    - Why was this "security hole" not specifically mentioned in
      the documentation.
    - customer is surprised that this was not brought up by more of 
      the customer base.
    
    Bottom line; he would like someone (read: someone to be an
    official Digital Voice on this) to write up something about 
    this so that he can make his management understand our point 
    of view on this.
    
    Volunteers? 8-)
    
    Monica

2794.7. "" by FORTY2::ASH (Grahame Ash @REO) Fri Jun 04 1993 13:56  20 lines
>            <<< Note 2794.6 by KAOFS::M_BARNEY "Formerly Ms.Fett" >>>
>                                 -< an update >-

>    Customer's View:
>    - VMS privileges granted to users who are working on applications
>      totally outside of ALL-IN-1, but need to have access to 
>      ALL-IN-1 for communication purposes.

The way we've approached this on our (internal Digital) system, is that people 
who need privileged accounts have 2 accounts. Possibly your customer could do 
something similar - users could then have ALL-IN-1 access only from their 
unprivileged account.

>    - Why was this "security hole" not specifically mentioned in
>      the documentation.

Historically, we've always tried to avoid documenting 'security holes'!! But 
yes, perhaps users could have been warned about possible surprises.

grahame

2794.8. "closed the call" by KAOFS::M_BARNEY (Formerly Ms.Fett) Mon Jun 07 1993 16:24  4 lines
    I made the suggestion to him of 2 accounts (he liked that
    one) and we decided that an SPR would be appropriate.
    
    Monica

2794.9. "More info" by SWAM2::RHODEWALT_BR (Read. Reply. Repeat.) Thu Sep 02 1993 19:45  2 lines
    Don't miss TR's discussion of this on p. 121 of "Managing and
    Programming in V3.0."