From:	CSBVAX::CSBVAX::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 23-NOV-1988 22:40
To:	MRGATE::"ARISIA::EVERHART"
Subj:	World protections on SYS$SYSTEM: files.


Received: From KL.SRI.COM by CRVAX.SRI.COM with TCP; Wed, 23 NOV 88 10:17:11 PDT
Received: from uwavm.acs.washington.edu (oly.acs.washington.edu) by KL.SRI.COM with TCP; Wed, 23 Nov 88 10:14:12 PST
Received: from UWAVM.ACS.WASHINGTON.EDU by uwavm.acs.washington.edu ; Wed, 23 Nov 88 10:12:46 PST
Received: from RITA.ACS.WASHINGTON.EDU (WIZARD) by UWAVM.ACS.WASHINGTON.EDU
 (Mailer X1.25) with BSMTP id 7261; Wed, 23 Nov 88 10:12:44 PST
Date: Wed, 23 Nov 88 10:11 PDT
From: "The Bandit . . . (on RITA)" <WIZARD@RITA.ACS.WASHINGTON.EDU>
Subject: World protections on SYS$SYSTEM: files.
To: info-vax@kl.sri.COM
X-VMS-To: IN%"info-vax@kl.sri.com",WIZARD

Mark Hartwell <clyde!watmath!julian!uwovax!52032_2326@BELLCORE.COM>, in an
article with a subject of "Virus: User names not always secure in SYSUAF",
wrote:

>    If one can access SYSUAF.DAT to copy it, then it **IS** possible
>    to get access to user names.  This is a GOOD reason to avoid
>    READALL and to ensure that READ/EXECUTE access is selectively
>    given to system files.  Let us be thankfull that VMS does not
>    display PASSWORDs as do other environments!

A thought ran through my mind as I read this, and that was that someone
out there in net-land might think it is a good idea to change the protections
on executables in SYS$SYSTEM: from W:RE to W:E.  This may sound like a good
idea, and may be for some files, but it is not advisable for INSTALLed images.

If an INSTALLed image has W:RE protection, the code segments can be shared.
If users have only execute access to the INSTALLed image, then EACH USER GETS
A PRIVATE COPY OF THE CODE.

I discovered this a long time ago when someone had changed the protection
on our PASCAL compiler to W:E.  Our system was dying, and it was finally
determined that none of the PASCAL code was being shared.  By merely changing
the protection to W:RE, code pages sharing began to occur (for new compiles).

Just FYI.

-Derek Haining
 Academic Computing Services
 University of Washington
 Seattle,  Waashington
 (206) 543-5579

 DEREK@RITA.BITNET
        -or-
 DEREK@RITA.ACS.WASHINGTON.EDU