Path: utzoo!attcan!uunet!decwrl!decwrl!kmeyer
From: kmeyer@wrl.dec.com (Kraig Meyer)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: toll restrictors
Message-ID: <4619@bacchus.dec.com>
Date: 1 Jun 90 17:17:18 GMT
References: <9005311822.AA14512@ocdis01.af.mil>
Sender: news@decwrl.dec.com
Organization: DEC Western Research Lab
Lines: 27

||Andrew Heybey wrote:
||> ...on a unix system, telnet is a user program that opens a
||> socket....Does your system not allow unprivileged users to
||> open network connections? Are you relying on nobody knowing
||> how to write/compile/etc their own program to use the net? Or
||> does your system have some other mechanism for controlling
||> network access?

In article <@ocdis01.af.mil> robjohn@OCDIS01.AF.MIL (Robert Johnson) writes:
||...By 'turn off', I mean we change permissions so only a trusted group
||of individuals can use it - not the user population at large. We protect
||telnet, ftp, cu, tip, and the compilers and debuggers this way. We also
||have daily reports showing who is using these functions...[this] maintains
||full accountability of our connectivity with other systems.

Bob, I'm still curious whether the operating system you are using actually
has a way of preventing a user from opening his or her own network
connection. Under unix and many other OS, opening a network connection
does not require any special privileges. On such a system, taking away a
user's ability to run your copy of telnet, ftp, etc. does not take away a
user's ability to telnet, ftp, etc. by using his or her own program.

*****************************************************************************
Kraig Meyer kmeyer@wrl.dec.com
On parole from the University of Southern California.
All views expressed are my own and may or may not be the same as those of
Digital Equipment Corp.
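
The distinction drawn in the post above, as an added example that is not part of the original message: a file-permission check on a client binary and the kernel's socket interface are separate controls, so an audit has to test each one on its own. The function names and the temp file standing in for a permission-restricted telnet are constructed for illustration; the only connection made is to a loopback listener the same process opens.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the calling user may execute `path`, 0 otherwise (the "turned off" check). */
int may_execute(const char *path) { return access(path, X_OK) == 0; }

/* Returns 0 if socket() is refused, 1 if a TCP socket was created,
 * 2 if it also connected to a listener this same process opened on loopback. */
int tcp_reach(void)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int stage, cli = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0) return 0;
    stage = 1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = 0; /* kernel assigns an unprivileged ephemeral port */
    if (bind(srv, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(srv, 1) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &len) == 0 &&
        (cli = socket(AF_INET, SOCK_STREAM, 0)) >= 0 &&
        connect(cli, (struct sockaddr *)&a, sizeof a) == 0)
        stage = 2;
    if (cli >= 0) close(cli);
    close(srv);
    return stage;
}

int main(void)
{
    /* Constructed stand-in for a restricted client: mkstemp creates it mode 0600,
     * so no execute bit is set for anyone. */
    char path[] = "/tmp/restricted-client-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    close(fd);
    printf("may execute restricted client: %d\n", may_execute(path));
    printf("tcp reach without it (0/1/2):  %d\n", tcp_reach());
    unlink(path);
    return 0;
}
```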