Subject: BYE & RBBS35 Info Needed

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>

Date   : Wed, 18 Jul 1984 21:25:00 MDT (Wed)
From   : Richard Conn <RCONN@Simtel20.ARPA>
Subject: BYE & RBBS35 Info Needed

       Not meaning to sound like a broken record (squeek, squeek),
but ...

       ZCPR3 solves that problem cleanly.  A system can be made
secure under ZCPR3 by disabling the DU form and enabling only the DIR
form.  Passwords are then assigned to each key directory, and all
commands along the path are either "safe" or wheel-byte protected
(PATH itself will only run if the wheel byte is set).  Then, a user
cannot: (1) see a protected disk dir or (2) TYPE a file, PRINT a file,
or do anything with any file in a protected disk dir without giving
the password for that dir!  See the section on secure systems in
the User's Perspective.  I am excited about this concept and am fairly
sure it can't be broken without internal knowledge of the target
system.

       If anyone can find a way to break this, let me know.

       In the way of example, note that the DU form is disabled.
This means that you cannot issue the command TYPE A7: or anything like
that.  You MUST use the DIR: form, so if you say TYPE SYSROOT:, ZCPR3
will see the PW entry for SYSROOT and prompt the user for a PW.  If no
match, SYSROOT is expanded as his current dir instead, and the command
runs there!

       Hope this helps.

               Rick

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>