HP3000-L Archives

December 1998, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Is this a serious security problem for anybody else??
From:
David Butt <[log in to unmask]>
Reply To:
David Butt <[log in to unmask]>
Date:
Fri, 18 Dec 1998 16:27:15 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (11 lines) 
First point is that we think we have found a major security breach in MPE/POSIX.
We are working in a mixed POSIX/MPE environment and we have found that the only way to get the permissions you need for team software development is to grant AM Capabilities to all (4) developers. Then we found that, for AM capable users, MPE does not honor write protections set on the POSIX side. It does unpredictable things too, like destroying files that we should not be able to write to.

Our specific problem became apparent when we tried to implement RCS (and I would expect the same problems to exist in any Revision Control System). The security incompatibilities (at AM level) will surely affect a broad spectrum of applications environments because any protections set on the POSIX side become active land mines for an unwary AM on the MPE side.
==================================================
Second point is that we still need to implement some kind of Revision Control System in the joint POSIX MPE environment.
Does anybody out there have experience using a POSIX Revision Control System  under MPE.
===================================================

David Butt

ATOM RSS1 RSS2