Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!rutgers!ucla-cs!zen!ucbvax!WOLFGANG.MITRE.ORG!psw
From: psw@WOLFGANG.MITRE.ORG (Phil Wherry)
Newsgroups: comp.os.vms
Subject: RE: General ID to generate specific ID
Message-ID: <8707250522.AA20707@wolfgang.mitre.org>
Date: Sat, 25-Jul-87 01:22:32 EDT
Article-I.D.: wolfgang.8707250522.AA20707
Posted: Sat Jul 25 01:22:32 1987
Date-Received: Sat, 25-Jul-87 17:58:44 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 26

A followup to Mary Bainter's message about using CMKRNL to change UICs
on a process to set up "subaccounts"...if this is to be done at all, it
should be done from an image installed with privilege (and appropriate
internal controls)...NOT via the authorized privilege mask in the UAF.
If a user has CMKRNL, they can access anything without regard to protection
if they put enough trouble into it.  And at all but the most paranoid of
sites, it's little trouble at all; the SET UIC [1,4] command will
gleefully give you what amounts to SYSPRV, then it's off to Authorize to
wreak havoc on the free world.

I know this will probably be but one of a number of similar replies, and
I apologize in advance for opening a can of worms like the one around
a recent query about SYS$ANNOUNCE.  But CMKRNL is an exceedingly
dangerous privilege -- granting it to non-system people can and will
seriously undermine the security of your system by making accidental
and deliberate data access a near-trivial matter.

My two cents' worth on the SYS$ANNOUNCE controversy:  I'd like to think
we're all among friends here.  I don't mind reading the same message
(or essentially the same one) 10 or 15 times because the other information
on Info-VAX is often so valuable.  And every once in a while, I pick up
a trick from one of the very similar messages out there--this makes
them worthwhile.  Good sense and good taste are probably all that's
required here.

Phil Wherry
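
An added example, not part of the original post: a Python audit that flags accounts whose authorized privileges include CMKRNL while their UIC lies outside the system groups, which is the UAF grant the post argues against. The semicolon-separated export format and the account names are constructed for illustration (this is not real AUTHORIZE output), and the SYSGEN parameter MAXSYSGROUP is assumed to be at its default of octal 10, the threshold that makes a process running as [1,4] a system user.

```python
import re

# Assumption: SYSGEN MAXSYSGROUP is at its default, octal 10. A UIC whose
# group number is at or below it falls in the SYSTEM protection category,
# which is why SET UIC [1,4] "amounts to SYSPRV".
MAXSYSGROUP = 0o10

# UIC group and member numbers are written in octal: [group,member]
UIC_RE = re.compile(r"^\[([0-7]+),([0-7]+)\]$")

# Constructed sample: simplified one-line-per-account export
# (username; UIC; authorized privileges). Hypothetical accounts.
SAMPLE = """\
SYSTEM;[1,4];CMKRNL SYSPRV SETPRV TMPMBX NETMBX
OPER1;[1,10];OPER TMPMBX NETMBX
PROJ_LEAD;[200,17];CMKRNL TMPMBX NETMBX
PROJ_USER;[200,21];TMPMBX NETMBX
"""


def parse_uic(text):
    """Return (group, member) as integers from an octal UIC string."""
    m = UIC_RE.match(text.strip())
    if not m:
        raise ValueError("not a numeric UIC: %r" % text)
    return int(m.group(1), 8), int(m.group(2), 8)


def is_system_uic(group):
    """True when the group number puts the UIC in the SYSTEM category."""
    return group <= MAXSYSGROUP


def audit(export):
    """List (username, uic) for non-system accounts authorized for CMKRNL."""
    findings = []
    for line in export.splitlines():
        if not line.strip():
            continue
        user, uic, privs = [field.strip() for field in line.split(";")]
        group, _member = parse_uic(uic)
        if "CMKRNL" in privs.upper().split() and not is_system_uic(group):
            findings.append((user, uic))
    return findings


if __name__ == "__main__":
    for user, uic in audit(SAMPLE):
        print("CMKRNL authorized for non-system account %s %s" % (user, uic))
```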