[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Bug in Logging in to Secure Servers?

To: SLUG@WARBUCKS.AI.SRI.COM
Subject: A Bug in Logging in to Secure Servers?
From: David Mittman <DMittman%sarg-uranus.jpl.nasa.gov@RELAY.CS.NET>
Date: Wed, 8 Nov 89 15:15:00 EST
In-reply-to: <19891108200034.5.GOOCH@KANGCHENJUNGA.ACA.MCC.COM>

    Date: Wed, 8 Nov 89 14:00 CST
    From: William D. Gooch <ai.gooch@MCC.COM>

    I don't know for sure, but I would think that this is the desired
    behavior, since Symbolics ACLs are good for protection from network
    access only, and it's documented that anyone logged into a file server
    can access anything in its file system.  Hence, allowing remote login
    onto a "secure" server would effectively render ACLs useless.

I don't believe that "remote logins" are actually being used. The file
server contains the lispm-init and personal files of many people who often
sit at these other consoles (Symbolics). It is when the attempt to login
(read lispm-init file from server) that they are prompted for passwords,
etc. Hence, they are not logging in to the server, but just using the
server's LMFS.

					- David Mittman
					  DMittman@SARG-Uranus.JPL.NASA.GOV

References:
- A Bug in Logging in to Secure Servers?
  - From: "William D. Gooch" <ai.gooch@MCC.COM>

Prev by Date: A Bug in Logging in to Secure Servers?
Next by Date: Editting ACLs
Previous by thread: A Bug in Logging in to Secure Servers?
Next by thread: A Bug in Logging in to Secure Servers?
Index(es):
- Date
- Thread