Date   : Wed, 08 Aug 1984 11:34:00 MDT (Wed)
From   : Richard Conn <RCONN@Simtel20.ARPA>
Subject: RBBS/ZCPR2

Yes, I concur that with programs like SWEEP, security is basically
lost if you can get to them.  ZCPR3 offers a distinct advantage in
this arena in that for secure systems with the DU form disabled, then
the DIR form has to be used.  Each named directory has a password
associated with it.  So if the user types ROOT:SWEEP, then if ROOT has
a non-blank password, the user is FORCED to provide a correct password
before the system will log him in.  If he does not provide the correct
password, the ROOT: reference is changed (internally) to the current
directory.  The same is true for commands like TYPE DIR:PASSFILE.TXT,
since even for references in the argument fields, the password
protection holds under ZCPR3.

       "Dangerous" commands should be placed into a named directory
which is not in the command search path.  If you want even more
security, have the login sequence DISABLE the reference in the named
directory to this "secure" directory, so its NAME is not even
available to the user.  With DU disabled and no NAME, a directory
CANNOT be referenced unless a tool like SWEEP which bypasses the
protection system is used, and hopefully the path protection with the
named directory reference will stop that.


       Rick