Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!TAMVENUS.BITNET!SMH1420
From: SMH1420@TAMVENUS.BITNET.UUCP
Newsgroups: mod.computers.vax
Subject: VMS Virtual Terminal Security Considerations
Message-ID: <8612131527.AA10588@ucbvax.Berkeley.EDU>
Date: Fri, 12-Dec-86 12:45:00 EST
Article-I.D.: ucbvax.8612131527.AA10588
Posted: Fri Dec 12 12:45:00 1986
Date-Received: Mon, 15-Dec-86 22:35:43 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 27
Approved: info-vax@sri-kl.arpa

>      Also, what are the disadvantages (system security wise) of Virtual
>
> terminals?

Many people have asked the same question about the security disadvantages
of virtual terminals.  Since the only way to re-connect to a disconnected
terminal is to have the correct/username password or suitable privileges (I
believe that CMEXEC would be required - to modify the process header
UIC or USERNAME fields)  the level of security on your system should be the
same as if you did not use virtual terminals.  The only possible exception I
can think of would be, for example, if someone had removed some level of
security within a login, disconnected, and then someone else re-connected (for
instance:  Top Dog opens classified file after decrypting with VAX ENCRYPTION
and then disconnects.  Later his secretary [with his password] reconnects and
may view the file because he did not re-encrypt).

Virtual terminals can be a nice feature of VMS, but can also be easily used
improperly.  If you set the default timeout in sysgen to longer that 15 min
(TTY_TIMEOUT = 900 seconds) you may end up with many disconnected processes
on your system.  A solution (if you wanted longer disconnect time - or only
certain users to access virtual terminals) would be to enable virtual
terminals, and then SET TERMINAL/NODISCONNECT on terminals you want to exclude
from virtual terminal capability (there are other ways to do this also e.g.
TTY_DEFCHAR in sysgen etc...)

Steve Hicks
SMH1420@TAMVENUS.BITNET