Path: utzoo!attcan!uunet!dino!ux1.cso.uiuc.edu!iuvax!maytag!mks.com!dale
From: dale@mks.com (Dale Gass)
Newsgroups: comp.os.os2
Subject: Re: OS/2 Security (or lack thereof)
Message-ID: <1990Jul20.161853.23690@mks.com>
Date: 20 Jul 90 16:18:53 GMT
References: <6701@vax1.acs.udel.EDU> <55814@microsoft.UUCP>
Reply-To: dale@mks.com (Dale Gass)
Organization: Mortice Kern Systems, Waterloo, Ontario, Canada
Lines: 28

In article <55814@microsoft.UUCP> alistair@microsoft.UUCP (Alistair BANKS) writes:
>Microsoft Lan Manager 2.0 provides such a secure file system.
>
>There are four classes of user:- Admin, User, Local & Guest. These
>are treated as special user groups and you can assign permissions
>to a person according to the groups he belongs to.

I have used IBM's Lan Manager (the same beast as Microsoft's, I believe)
for several months, and found it to have a reasonable permissions
structure, given the limitations of the OS/2 file system (now, the
quality of the underlying token ring hardware and drivers was a joke,
but that's another story).

*However*, there is (or at least was) one serious bug in the version of
the software I was using, that allowed any machine on the network
(regardless of whether the person had *any* account on the domain), to
get Admin privileges and access any file he wished. No major hacking
required; all that was needed was to use the normal lan configuration
menus for a certain setup.

Although this hole was stumbled across by accident, and is unlikely to
be found in day-to-day operations, it does make Lan Manager less than
ideal for critical data.

I forget the actual version we were using; IBM was aware of the problem,
and may have fixed it in a later release.

-dale@mks.com
uunet!watmath!mks!dale