HP3000-L Archives

April 1997, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: POSIX/MPE security inconsistencies
From:
"Stigers, Gregory - ANDOVER" <[log in to unmask]>
Reply To:
Stigers, Gregory - ANDOVER
Date:
Thu, 3 Apr 1997 18:12:03 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (70 lines) 
Oh, well, not everyone enjoyed the extended metaphor... Good thing I
included the stddisclaimer.

I by no means wish to cast aspersions on VeSoft's fine products, all
three of which we have and use, and which are (if I may continue to
invoke religious metaphors) one of the trinity of must-have utilities
for the HP 3K. I do wish that I could find more about how to use MPE
security for all it's worth (like one can find on how put bars over the
holes in UNIX 'security'), and then how to complement that with SECURITY
/ 3000. I do have a problem with IT people who never learn to use what
their OS gives them for the taking, but I digress.

What I was referring to was the danger of using any of the GOD utilities
as a substitute for security that lets you have everything that you need
and nothing more. The aforementioned defunct company had GOD in the
logon UDCs and job streams because no one had taken the time to learn
how to use ACDs or any other non-default configuration to control
access. They hoped that no one noticed that they had god-like powers,
because they literally could not run the day to day applications without
crossing account boundaries, and therefore could not run without the
aforementioned utility in the logon UDCs. I tried to remove it from a
single user in a minor account, and the result were such that I was told
in no uncertain terms never to even try that again. I tried to ADD an
ACD granting such access to a user in another account, and got written
up for it. Sheesh.

Opinions are mine.

>----------
>From:  Jim Phillips[SMTP:[log in to unmask]]
>Sent:  Thursday, April 03, 1997 1:57 PM
>To:    Stigers, Gregory - ANDOVER
>Cc:    HP3000-L
>Subject:       Re: [HP3000-L] POSIX/MPE security inconsistencies
>
>I wrote:
>
>>Just buy a VESOFT product and use GOD :-)
>
>On Thu, 3 Apr 1997 12:15:56 -0500, "Stigers, Gregory - ANDOVER"
><[log in to unmask]> writes (in response to my one-liner):
>
>>I call such programs Satan.
>>
>>Consider my experience with a previous company (now liquidated): this
>>fruit makes one like God (but not God), granting one the knowledge of
>>good and evil. Having eaten it, they knew that they were naked, and,
>>based on their response when this was pointed out, were ashamed, and
>>tried to hide and take measures to cover their nakedness. These fig
>>leafs (use of a lockword that they then embedded in job streams and
>>account UDCs) proved inadequate. They therefore were cast out of the
>>garden of a secure system, to bring forth new programs only with great
>>pain, and to sweat for their bread on a system that frequently yielded
>>thorns and thistles instead of information. Then one day, they died.
>>
>>Good thing that this text is in the public domain.
>>
>>Opinions are mine.
>
>Whoa!  That one was way over my head!  Does anyone have an idea of
>what's going on here?  Gregory, are you casting aspersions at VESOFT?
>I may be incredibly dense, but I'm lost!
>
>Jim Phillips                           Manager of Information Systems
>E-Mail: [log in to unmask]     Therm-O-Link, Inc.
>Phone: (330) 527-2124                  P. O. Box 285
>  Fax: (330) 527-2123                  Garrettsville, Ohio  44231
>
>

ATOM RSS1 RSS2