--- wpe101(a)banet.net wrote:
As memory (dimly) serves me, under VMS, any userid
with "SETPRV"
capabilities
Oh, yeah. That's the ticket!
would do it. There were some other priviledges, that,
if carelessly granted,
could enable a user to gain control of a system. IIRC, SYSNAM was one of
them.
My "favorites" are BYPASS and CMKRNL. BYPASS does just that: bypasses all
UIC-based checking - reads, writes, deletes, etc. It's handy when you need
to delete a directory tree, but it's a dangerous one to leave on by default.
My typical scheme is to leave BYPASS _disabled_ for the SYSTEM account asa
default priv. CMKRNL allows your process to execute a "change mode to kernel"
call, which allows you to read and write physical memory. With this priv,
a malicious programmer can write code to peek at the process headers of other
processes on the system (like a "who" command would) or even tweak their own
header bits, possibly granting themselves permissions or changing their
effective user name. I used to have programs in C and FORTRAN to do all these
things, but they only work on pre-VMS-5 releases (and I didn't write them; I
inherited them when I took over a VAX-11/750 w/Fuji Eagle, running VMS 4.2
about 13 years ago).
-ethan
=====
Infinet has been sold. The domain is going away in February.
Please send all replies to
erd(a)iname.com
__________________________________________________
Do You Yahoo!?
Bid and sell for free at
http://auctions.yahoo.com