Xref: utzoo alt.security:836 comp.sys.next:6614 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!oz.cis.ohio-state.edu!jgreely From: jgreely@oz.cis.ohio-state.edu (J Greely) Newsgroups: alt.security,comp.sys.next Subject: Re: Abuse of System Administrators privledges? (Public/Private Files) Message-ID: Date: 14 Jun 90 03:06:22 GMT References: <90164.185721MXB126@psuvm.psu.edu> Sender: news@tut.cis.ohio-state.edu Reply-To: J Greely Followup-To: alt.security Organization: Ohio State University Computer and Information Science Lines: 108 In-reply-to: MXB126@psuvm.psu.edu's message of 13 Jun 90 22:57:21 GMT In article <90164.185721MXB126@psuvm.psu.edu> MXB126@psuvm.psu.edu (Michael S Barthelemy) writes: >We have all heard of computer systems abuse but here may be a new part of the >issue. I think you meant to send this to alt.conspiracy. Why don't you just *ask* somebody why your account was locked, instead of inhaling volatile chemicals and letting fly at the net? I suspect you're jumping the gun just a tad, but I'll try to treat it seriously (deep sigh, remembering the *last* time I said that here). The sense I can make of this story is: 1) you were locked out of your account on university NeXTs. 2) you had the sources to a game on an optical disk that is your personal property. Somehow, these combine to produce: 3) the fascist sysadmins snooped through your disk and performed #1 for reason #2. Relevant information that's missing: What was your account for? Is there a policy about games? Is the machine in question networked? Was process accounting turned on? Did the semester just end? > Is what one has on their *own* storage medium public or private? and ... Certainly. You might not have the right to use someone else's equipment to make use of that property, but its contents are private, unless you make them in some way public. If the machine is networked, the files on the optical drive are as private as the ones in your home directory, and are protected by the same mechanism. Whether or not an administrator can look at files stored on *their* disks is mostly a matter of policy. >Does a system administrator have the right to search it if it is protected >against being searched? Depends. We could have armchair lawyers argue about it for hours (and since this is Usenet, we probably will). Things like "probable cause", "search warrants", and "university regulations" will probably get tossed around. If the administrators suspect a problem, their first response will probably be locking you out of the system and calling you in for a chat. Most administrators are very sensitive to the legal issues surrounding the privacy of a user's files, and will be reluctant to browse. One problem comes with the fact that the files in question were stored on a removable optical disk that, when mounted, looks just like another subdirectory. If an administrator is looking through your directory to see if her suspicions regarding possible misuse are correct, she may not notice that she's crossed a mount point, unless the disk is named "OPTICALDISKMINEMINEMINE". >If my OD is readable only by myself is it against the law for the systemm >administrator to search through *my* files on a storage medium which *I own*? Ordinarily, sure. First, you haven't demonstrated any proof that this actually occurred. Second, you may have given away some rights in agreeing with the conditions under which your use of the system was authorized. Third, unless you left this disk sitting somewhere, you were using it on their machine when they presumably read it. Unix tools commonly used to search for files wouldn't notice the mount point, and would cheerfully go through your disk looking for contraband (side note: does the version of find supplied by NeXT support the -xdev switch? The wind answers, "there's one three feet from you; check yourself". Yes, it does). >Would this be a violation of the Constitution which guarantees me the right to >private property? No, since the Constitution does no such thing. Article IV of the Bill of Rights ("unreasonable search and seizure") is as close as it gets, and that only guarantees that government stooges have to prove to *other* government stooges that they have a good reason for raiding you (unless taxes, drugs, or computers are involved :-(). >I have been told not to have the AberMUD code on my account and do not have it >on my account but do they have the right to be able to tell me what I can and >cannot have on my Optical Disk? Silly question. If the rule in question is "no games on the system", it doesn't really matter where you keep the object code. You can have five versions of the complete sources to nethack on your disk without anyone caring, but using them will be against the rules. >Any intelligent replys welcome, flames ignored. ... >To any PSU administrators who may read this: > Fuck you all. {Irrational comment of the day} Requesting intelligent replies presupposes an intelligent question. So far, all I see is someone assuming the worst about a situation that is most likely quite simple. It sounds like you're very upset about something, but I haven't the foggiest idea what. Count to ten and call us back, ok? > Don't even think of cancling this post because *I* paid for it while > posting it from my B-Account here on PSUVM. "Since I have only received 4 replies as of today I must assume I did not post to a wide enough variety of groups. Here it is reposted for all." -- J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)