Re: BYPASS privilege !!

---

• From: AEF <spamsink2001@xxxxxxxxx>
• Date: Tue, 12 Jun 2007 06:10:02 -0700

---

On Jun 11, 8:05 pm, Baxt...@xxxxxxxxxx wrote:
[...]

This being the case, then there are really only three objectives
which we can aim for;

1. Lock down your executables, scripts and data as securely as
possible.
however if someone still manages to cause malicious damage, then;
2. be able to determine, after the fact, exactly what was done to
your App, or Data, and be able to recover from it.
and,
3. To be able to determine, again after the fact, exactly who did
it.

As far as SOX is concerned, they are primarily interested in objective
#2. However objective #3 is still important if you want to avoid
it happening again.

Hmmm. I'd've thought that #3 would be pretty important to SOX:
accountability.

Recovery after damage can be done (in our case) using the capabilities
of RMS journaling, however the ability to acheive objective #3 depends
on how you impliment Objective #1.

Obviously, Identifiers and ACL's provide a way to lock down the files
and directories which make up the application, and the UAF provides
the means to control the app users.

Equally obvious, to a user with BYPASS privilege, it matters not how
well you lock down the security on your app, since BYPASS by
definition, will bypass all system security. Once the app is
properly secured, then the only way for a non-application, privileged
username to access the application directories or files is either to
grant themselves the necessary identifiers, or use BYPASS to bulldoze
their way in. Both of these actions, (and most other discrete
attempts) can be recorded in the Security Audit Journal.

If you have SYSPRV you could give yourself BYPASS in about a minute.

Even with just SYSPRV you can delete most system files if they have
their default protections.

However, If there happen to be multiple Administrators, all using the
SYSTEM account for their admin duties. How do you determine who
did what?

I know this sounds fairly paranoid, and for people running 2- and 3-
tier apps, this all sounds a bit weird, but we are just running
through (a few of the endless number of) options.

1. Give each admin a personalized admin account with no BYPASS (and
maybe other privs also)
2. Lock down the SYSTEM account for use only when carrying out
Maint, Upgrades or Patching.
3. Enable auditing of Privilege use and UAF modification.

Final comment, I could present an endless number of scenarios which
represent risk, and for each one, someone would come up with a
solution. However the solution always comes after the
solution.

Say what?

We are not asking for solutions, we are merely asking if
anyone knows the answers to the two simple questions,

1. Does anyone know of any function, particularly during system
startup, which "absolutely" requires BYPASS" privilege.

ANAL/DISK/REPAIR:

NOPRIVDIRSUM, some directories protected against access cannot
recover lost files

Facility: ANALDISK, Analyze/Disk_Structure Utility

Explanation: During the directory scan, the utility could not read
a
directory because of a privilege error (for example,
the user
running the utility lacked sufficient privileges).
Since the
utility's method of determining whether a file is lost
is to
scan all directories for the file, the utility's list
of lost
files is incorrect. Therefore, no attempt will be made
to
retrieve lost files.

User Action: Assign yourself BYPASS privilege and rerun the
utility.

If you have TCPware (v5.3-3) you need BYPASS to shut it down, though
it seems to work without it, at least on my systems.

Depending on which version of VMS you're running, file restores could
go a lot more easily with BYPASS (think write-protected directories)
but of course there is more danger, but restores are always
potentially dangerous.

2. Does anyone know of any Admin function which "absolutely"
requires the SYSTEM account.

thanks.

Dave.

[...]

AEF

.

---

• Follow-Ups:
  • Re: BYPASS privilege !!
    • From: AEF

• References:
  • BYPASS privilege !!
    • From: BaxterD
  • Re: BYPASS privilege !!
    • From: JF Mezei
  • Re: BYPASS privilege !!
    • From: Richard B. Gilbert
  • Re: BYPASS privilege !!
    • From: BaxterD

• Prev by Date: Re: BYPASS privilege !!
• Next by Date: Re: Story Time
• Previous by thread: Re: BYPASS privilege !!
• Next by thread: Re: BYPASS privilege !!
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: BYPASS privilege !! ... your App, or Data, and be able to recover from it. ... will bypass all system security. ... Enable auditing of Privilege use and UAF modification. ... retrieve lost files. ... (comp.os.vms) Re: BYPASS privilege !! ... startup, which "absolutely" requires BYPASS" privilege. ... The breakin evasion case is the only proper requirement for the SYSTEM ... (comp.os.vms) Re: BYPASS privilege !! ... startup, which "absolutely" requires BYPASS" privilege. ... The breakin evasion case is the only proper requirement for the SYSTEM ... (comp.os.vms) Re: Restricting access to directory. ... > There is no way to protect a file from an account holding BYPASS ... BYPASS means that all file protection is ignored. ... > the entire purpose of the privilege. ... The security system will only use BYPASS as a last resort, ... (comp.os.vms) Re: Lathe door interlock ... Installed MANY MACHINE TOOLS, They all had some way to bypass the ... I can easily just unscrew the Plate and disable the whole Lock ... switch or a soft key setting. ... (alt.machines.cnc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)