Re: VMS 4.4 and file security
- From: "Mr. Question" <Question@xxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 15:18:38 -0500
"Rob Brown" <mylastname@xxxxxxxx> wrote in message
> It doesn't sound like the kind of thing you would do in plain-vanilla
> VMS. Perhaps there was some student file system set up that you were
> manipulating.
I don't think so, but I'm not quite sure what you are meaning.
If you did a 'dir DUA0:' (or whatever the vms command is), you could see the
whole directory structure, including (eventually) our 'Students' section of
the files.
Of course, doing that you couldn't gain access to any files or directories
that were blocked. You could just follow the readable, publicly accessible
directory structure. You still didn't have permission to read anybody
else's files or poke into their private directories.
But the way I did it, I did read somebody else's files.
(Well, actually it was 'my' files.... There were several dozen unused
accounts for students that never showed up, and since they all used the same
initial password, I just commandeered a few extra accounts to play with. So
I wasn't playing around with anybody else's important files.)
> But, yes, in Plain Vanilla VMS, you *can* edit your directory file and
> change the file IDs, but it would be easier with a binary editor than
> a text editor. A few lines of directory in a text editor looks like
> this:
I don't know what editor I used. Doesn't really matter because the result
was the same.
> <<LF>^@^@<LF>ACNTRN.SYS^A^@¹^@I^@^@^@
> <LF>^@^@ AFTER.TXT^@^A^@So!^@^@^@
> <LF>^@^@^UALARM_I80.TPU$JOURNAL^@^A^@Pi^X^@^@^@
> In these examples (it can be more complicated), the file ID and
> sequence number information are at the end of the line. In addition
> to being able to interpret the directory format and convert binary
> to the appropriate ASCII, you would also have to know the File-ID etc
> of the target file.
Or figure out that of the directory, and then read that. Take the pointers
and put them into my fake file pointer and read the file header thingie that
I don't normally have access to, get the file id and stuff there and then
poke that back into my fake file and then I have access to a file that I
shouldn't have access to.
> It is much easier to just type
> $ SET FILE/ENTER=[]NEWPOINTER.DAT -
> [MYFRIENDSDIRECTORY]MYFRIENDSFILE.DAT
> To do this, you need to have read permission to your friend's
> directory.
I don't know that command, but I didn't have access to his directory.
>> Was that a gaping hole in the file security?
> Well let's check to see what you have accomplished?
> You have an entry in your directory that references your friend's
> file. Can you read the file? Only if you have been given permission
> to do so.
> So is it a security problem? NO.
I didn't have permission. But I did read it.
It was a simple test file, but I could access it.
>> Was that system simply set up wrong?
> Perhaps.
> Or perhaps you were expected to be able to share files.
Nope. No sharing was allowed. Or at least things were set up so we thought
we couldn't. We could see other people's main directory name, but we
couldn't go in there.
I suppose it's possible that the directory structure for "Students" was set
so we couldn't read them, but that the files were set so we could if we knew
the filename? Doesn't make too much sense, but it might explain things.
> Actually, you did not report that you could read your friend's files,
> just that you could create directory entries to them in your own
> directory.
Sorry. Guess I should have written my original message better. Yes, I was
able to read the file.
It was just a simple test file. Nothing major. But I shouldn't have been
able to read it.
I did know the file ID etc. stuff, so I did know where to point my fake file
to.
But I think I could have done the same kind of thing by pointing it to an
upper directory that I had access to. Directories were just files.
I just point mine to the directory and read it. I get the file id stuff for
the directory I can't access. I put that into my fake file and I can
suddenly read the file header as an actual file. I get the info from there
and plug it into my fake file and I've suddenly bypassed the file permissions
and can now read my 'own' file.
But some of that is speculation and fuzzy memory. I don't remember how far
I went or the exact steps I used.
>> Would I have been able to point my file header anywhere into the
>> system? Even into the system files and directory structure?
> To anything on the same disk as your directory, you could. But it
> doesn't matter. You still would not be able read files that you are
> not allowed to read.
I did.
>> Since I don't really want to set up a VMS emulator and learn how to
>> mess with it and configure it and install the tools etc., just to
>> find out, I thought I'd ask.
> For free VMS systems where you could experiment, try
> telnet://eisner.decuserve.org/
> telnet://deathrow.vistech.net/
It's been 20 years. I barely even remember how to *spell* VMS...[grin]
Thanks for the links, but I've forgotten nearly everything about VMS that I
knew. That's one of the reasons my messages are so fuzzy. I'm having a lot
of trouble remembering details and even the proper vms terminology.
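
Added example, not part of the original post or of any VMS tooling: a small Python audit that decodes directory records and reports every file ID referenced by more than one directory entry, which is what an extra entry made with SET FILE/ENTER (or by editing the directory file) looks like on disk. The record layout (size word, version-limit word, flags byte, name-count byte, name padded to even length, then version word plus three file-ID words per version) is an assumed Files-11 layout that matches the "file ID at the end of the line" description in the thread; all directory names, file names and file IDs are constructed sample data.

```python
import struct
from collections import defaultdict

def make_record(name, versions, verlimit=0):
    """Build one constructed directory record (sample data only)."""
    raw = name.encode("ascii")
    body = struct.pack("<HBB", verlimit, 0, len(raw)) + raw + b"\0" * (len(raw) & 1)
    for version, fid in versions:
        body += struct.pack("<HHHH", version, *fid)
    return struct.pack("<H", len(body)) + body

def parse_directory(buf):
    """Yield (name, version, (file_number, sequence, rvn)) for each entry."""
    off = 0
    while off + 6 <= len(buf):
        size, _verlimit, _flags, namecount = struct.unpack_from("<HHBB", buf, off)
        if size == 0xFFFF:  # assumed end-of-block marker
            break
        end = off + 2 + size  # the size word does not count itself
        if size < 4 + namecount or end > len(buf):
            raise ValueError("truncated or malformed record at offset %d" % off)
        p = off + 6
        name = buf[p:p + namecount].decode("ascii")
        p += namecount + (namecount & 1)  # skip the pad byte after odd-length names
        while p + 8 <= end:
            version, num, seq, rvn = struct.unpack_from("<HHHH", buf, p)
            yield name, version, (num, seq, rvn)
            p += 8
        off = end

def find_aliases(directories):
    """Map each file ID referenced by more than one entry to those entries."""
    refs = defaultdict(list)
    for dirname, buf in directories.items():
        for name, version, fid in parse_directory(buf):
            refs[fid].append("%s%s;%d" % (dirname, name, version))
    return {fid: sorted(paths) for fid, paths in refs.items() if len(paths) > 1}

# Constructed sample: two directories, one entry of which points at the other's file.
SAMPLE = {
    "[FRIEND]": make_record("NOTES.DAT", [(1, (1234, 7, 0))]),
    "[ME]": make_record("LOGIN.COM", [(2, (2001, 3, 0)), (1, (2000, 3, 0))])
            + make_record("NEWPOINTER.DAT", [(1, (1234, 7, 0))]),
}

if __name__ == "__main__":
    for fid, paths in find_aliases(SAMPLE).items():
        print(fid, paths)
```

The directory entry carries only a name, a version and a file ID; the audit therefore shows which names point at the same file, not who is allowed to read it.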