- Path: sparky!uunet!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!lrw.com!leichter
- From: leichter@lrw.com (JERRY LEICHTER)
- Newsgroups: comp.os.vms
- Subject: re: How to setup a 'MAIL ONLY' VMS user name
- Message-ID: <9207220151.AA13656@uu3.psi.com>
- Date: 22 Jul 92 01:51:59 GMT
- Sender: daemon@ucbvax.BERKELEY.EDU
- Distribution: world
- Organization: The Internet
- Lines: 28
-
- There have been a number of messages pointing out the potential dangers that
- can come about because a "mail-only" account with access to SEND/EDIT can
- write files, like LOGIN.COM.
-
- It's a general principle of setting up secure captive accounts that the files
- used to implement the captive environment not be writeable from within that
- environment. The LOGIN.COM for that account, and any .COM or .EXE files it
- executes, should not be owned by the captive username, and should be read-
- only to it.
-
- When I set up such accounts, I prefer to leave the important files in
- a place like SYS$MANAGER, with the same security settings (e.g., ownership
- by SYSTEM) as important system management files. This makes it easier to
- remember that they are critical, and means that whatever procedures you
- have for editing such files as SYSTARTUP - you DO have such procedures,
- don't you? - can be used for these files as well.
-
- The point of this is to ensure that nothing the captive user can do ever
- executes any file but the ones you have defined. With care, given the
- help VMS gives you with the CAPTIVE flag, this isn't hard to do.
-
- Note that if you consider it a violation of your security policy for these
- accounts that they be able to write ANY files, you have a much tougher
- problem. There are ways to do it, but it's not easy, since incoming mail
- is normally stored "as if by the recipient" and outgoing mail requires the
- creation of temporary files.
- -- Jerry
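
One way to apply the advice in this post on a VMS system, as an added example that is not part of the original message: the captive login procedure is kept in SYS$MANAGER, owned by SYSTEM, and not writable by the captive account. The username MAILONLY and the file name MAILONLY_LOGIN.COM are hypothetical, and the protection mask assumes the captive account's UIC is outside the system groups and that no ACL on the file grants it more access.

```dcl
$! Added example. MAILONLY and MAILONLY_LOGIN.COM are hypothetical names.
$! Run from a suitably privileged system management account.
$!
$! 1. Keep the captive login procedure with the other system management
$!    files: owned by SYSTEM, no write or delete access for group or world.
$!    Do the same for every .COM or .EXE file the procedure invokes.
$ SET FILE/OWNER_UIC=[SYSTEM] SYS$MANAGER:MAILONLY_LOGIN.COM
$ SET PROTECTION=(S:RWED,O:RWED,G:RE,W:RE) SYS$MANAGER:MAILONLY_LOGIN.COM
$!
$! 2. Mark the account captive and point it at that procedure, so the
$!    login procedure is not taken from the account's own directory.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
MODIFY MAILONLY /FLAGS=CAPTIVE /LGICMD=SYS$MANAGER:MAILONLY_LOGIN.COM
SHOW MAILONLY
EXIT
$!
$! 3. Confirm owner and protection. The owner should be [SYSTEM], and the
$!    group and world fields should show no W or D access.
$ DIRECTORY/OWNER/PROTECTION SYS$MANAGER:MAILONLY_LOGIN.COM
```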
-
-