Re: VMS 4.4 and file security



On Tue, 29 Aug 2006, Mr. Question wrote:

"Rob Brown" <mylastname@xxxxxxxx> wrote in message

You have an entry in your directory that references your friend's file. Can you read the file? Only if you have been given permission to do so.

So is it a security problem? NO.

I didn't have permission. But I did read it.

Unless you actually displayed the permission bits and owner using the appropriate DIRECTORY command, you don't know that you didn't have permission. And 20 years down the road it is too late to check. As AEF pointed out, your friend's directory could have been protected, but the files could have been unprotected.

In my previous example, the [SECRET] directory was readable, but the file in it was not. I was able to put an entry in my personal directory that pointed to the protected file. But since I did not have permission to read the file, I could not.

I have changed the protection on the file to make it readable by anybody. But I have also changed the protection on the directory so that nobody can read the directory except the owner. So now we have this:

$ dir [secret]
%DIRECT-E-OPENIN, error opening DISK$8:[SECRET]*.*;* as input
-RMS-E-PRV, insufficient privilege or file protection violation
$ type [secret]manhattanproject.txt
%TYPE-W-SEARCHFAIL, error searching for
DISK$8:[SECRET]MANHATTANPROJECT.TXT;
-RMS-E-PRV, insufficient privilege or file protection violation
$ type stolensecret.txt
bomb
$

So it *looks* like I am reading a file that I don't have permission to, but in fact I *do* have permission to read the file:

$ dir/sec stolensecret.txt

Directory DISK$8:[BROWN]

STOLENSECRET.TXT;1 [SYSTEM] (,RWED,,RWED)

Total of 1 file.

That second RWED means that *anybody* can Read, Write, Extend, or Delete the file. [SYSTEM] means that the file is owned by user [SYSTEM] and not by me ([BROWN]).

I suppose it's possible that the directory structure for "Students" was set so we couldn't read them, but that the files were set so we could if we knew the filename? Doesn't make too much sense, but it might explain things.

Sure we could do that too. I can change the protection on the [SECRET] directory so that it can't be searched, but so that it *can* be used to reference filenames known by the user.

$ dir [secret]
%DIRECT-E-OPENIN, error opening DISK$8:[SECRET]*.*;* as input
-RMS-E-PRV, insufficient privilege or file protection violation
$ type [secret]manhattanproject.txt
bomb

But I think I could have done the same kind of thing by pointing it to an upper directory that I had access to. Directories were just files.

I just point mine to the directory and read it. I get the file id stuff for the directory I can't access. I put that into my fake file and I can suddenly read the file header as an actual file. I get the info from there and plug it into my fake file and I've suddenly bypassed the file permssions and can now read my 'own' file.

I doubt it. Perhaps the unspecified bug that John Briggs alluded to was this very behaviour. If so it would have been a shortcut added on purpose without thinking through the consequences, and obviously removed they realized their error.

And of course, it is not "your own file". You just have an entry for it in your directory file.

Maybe someone with a V4.4 hobby system can try this.

I'm having a lot of trouble remembering ... the proper vms terminology.

No comment. ;-)


--

Rob Brown b r o w n a t g m c l d o t c o m
G. Michaels Consulting Ltd. (780)438-9343 (voice)
Edmonton (780)437-3367 (FAX)
http://gmcl.com/

.



Relevant Pages

  • Re: Dumbeldore the secret keeper blabbed- what happens?
    ... So DD identifies the place, aloud, in front of the greedy Dursleys. ... when the secret keeper dies the secret goes to ... 12 GP is now owned by Harry. ... give the Order permission to continue using it, ...
    (alt.fan.harry-potter)
  • Re: Mailinglist privacy: MY NAME ALL OVER GOOGLE!
    ... Do you think that subscribers would refuse to grant permission to have ... archiving posts without their permission? ... It doesn't have to be a secret; subscribers must still agree to it. ...
    (freebsd-questions)
  • Re: NSA,Windows, etc.
    ... Microsoft had to get export permission (and thus NSA ... not only secret it is TOP SECRET. ... Has Microsoft advertised for people having a Top Secret ...
    (sci.crypt)
  • Re: RAM chat
    ... > If the channel wasn't a big secret, ... > trouble of emailing for 'permission' to join, ...
    (rec.arts.mystery)