HP3000-L Archives

April 2004, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: EOF's on hpuid and command files
From:
Mike Hornsby <[log in to unmask]>
Reply To:
Mike Hornsby <[log in to unmask]>
Date:
Fri, 2 Apr 2004 16:30:35 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (149 lines) 
Donna Garverick  wrote:
> i must be missing something....  i don't see the benefit of running
> buldacct out to temporary files...
>
> however this does work:
>
> !buldacct '@'
> !altsec buldjob1;access=(r,l,x,w,a:CR)
> !altsec buldjob2;access=(r,l,x,w,a:CR)

then Art Bahrs wrote:
> You are right... the file given what you did with the rights will be
> secure .... given MPE's security.

I must respectfully disagree. If buldacct aborts and the job flushes, or the
job is aborted externally
while buldacct is executing, you could be left with a *very* dangerous
unprotected file.
If you require a permanent file, I would suggest some other name besides the
default file names and the following:

!build dirsav1;rec=-80,,f,ascii;disc=26843545
!altsec dirsav1;access=(r,l,x,w,a:CR)
!file buldjob1=dirsav1,old;dev=disc
!build dirsav2;rec=-80,,f,ascii;disc=26843545
!altsec dirsav2;access=(r,l,x,w,a:CR)
!file buldjob2=dirsav2,old;dev=disc
!buldacct '@'

Mike




----- Original Message -----
From: "Art Bahrs" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, April 02, 2004 3:21 PM
Subject: Re: [HP3000-L] EOF's on hpuid and command files


> Hi Donna :)
>     You are right... the file given what you did with the rights will be
> secure .... given MPE's security.
>
>     But....
>
>    Any terminal/PC that is logged on with manager.sys capabilities is an
> access point... especially when said device doesn't have the authorized
> user in front of it!  The best locks in the world only work when the user
> remembers to use them!
>
> Art "why yes, I am paranoid! hehe" Bahrs
> P.S. but that doesn't mean "They" aren't out there to get me! hehe
>
> =======================================================
> Art Bahrs, CISSP           Information Security          The Regence Group
> (503) 553-1425              FAX (503) 553-1453
>
>
> |---------+-------------------------------->
> |         |           "donna garverick"    |
> |         |           <donna_garverick@yaho|
> |         |           o.com>               |
> |         |           Sent by: "HP-3000    |
> |         |           Systems Discussion"  |
> |         |           <[log in to unmask]
> |         |           DU>                  |
> |         |                                |
> |         |                                |
> |         |           04/02/2004 11:19 AM  |
> |         |           Please respond to    |
> |         |           i_hate_spam          |
> |         |                                |
> |         |           |-------------------||
> |         |           | [ ] Secure E-mail ||
> |         |           |-------------------||
> |---------+-------------------------------->
>
>---------------------------------------------------------------------------
-----------------------------------------------|
>   |
|
>   |      To:    [log in to unmask]
|
>   |     cc:
|
>   |     Subject:      Re: [HP3000-L] EOF's on hpuid and command files
|
>
>---------------------------------------------------------------------------
-----------------------------------------------|
>
>
>
>
> --- Mike Hornsby <[log in to unmask]> wrote:
> > I would strongly recommend adding step #7 as BULDJOB1 will contain
> > clear text passwords for every ACCOUNT, GROUP, and USER.
> > Purge BULDJOB1
> > Purge BULDJOB2
> >
> > IMHO, A better method would be to execute the following prior to
> > running
> > BULDACCT to avoid an accidental security problem:
> > Purge BULDJOB1
> > Purge BULDJOB2
> > file BULDJOB1;temp
> > file BULDJOB2;temp
>
> i must be missing something....  i don't see the benefit of running
> buldacct out to temporary files...
>
> however this does work:
>
> !buldacct '@'
> !altsec buldjob1;access=(r,l,x,w,a:CR)
> !altsec buldjob2;access=(r,l,x,w,a:CR)
>
> this is a snippet from one of my jobs (that runs as manager.sys).  both
> files are secure.              - d
>
> =====
> Donna Garverick     Sr. System Programmer
> dgarverick -at- longs -dot- com
> 925-210-6631        Longs Drug Stores
>
> Come, my friends, 'Tis not too late to seek a newer world.
> Tho' much is taken, much abides; and tho'
> We are not now that strength which in old days
> Moved earth and heaven, that which we are, we are.
> "Ulysses", A. Tennyson
>
> >>>MY opinions, not Longs Drug Stores'<<<
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business $15K Web Design Giveaway
> http://promotions.yahoo.com/design_giveaway/
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2