Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!zaphod.mps.ohio-state.edu!usc!ucsd!ucbvax!imf.unit.no!hanche
From: hanche@imf.unit.no (Harald Hanche-Olsen)
Newsgroups: comp.sys.apollo
Subject: Security hole: dde!
Message-ID: <CMM.0.88.642098998.hanche@hufsa.imf.unit.no>
Date: 7 May 90 17:49:58 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14

Debugging across the network is a wonderful thing for many of our users, who
use dde to debug code on our (display-less) DN10000 from a DN3500 workstation
(using dde -on //othernode command ...)

HOWEVER, this starts up /sys/debug/tgt/apollo/dbgk_prism AND the program
under debugging WITH ROOT PRIVILEGES on the remote node!!!!!!!

I am appalled.  And flabbergasted.  PLEASE, someone tell me there is some
neat trick I can do to stop this from happening.  Or will I need to disable
across-the-network debugging, in the name of security?

- Harald Hanche-Olsen <hanche@imf.unit.no>
  Division of Mathematical Sciences
  The Norwegian Institute of Technology