Path: utzoo!attcan!uunet!olivea!samsung!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpcc05!hpcuhb!hpda!hpcuha!hpcuhd!edwardm
From: edwardm@hpcuhd.HP.COM (Edward McClanahan)
Newsgroups: comp.sys.next
Subject: Re: Security Hole?
Message-ID: <108170004@hpcuhd.HP.COM>
Date: 8 Dec 90 01:57:28 GMT
References: <49464@cornell.UUCP>
Organization: Hewlett Packard, Cupertino
Lines: 23

Louis A. Mamakos writes:

> In the 2.0 software, there is a new preferences item called something like
> "Public Sound Port" or some such.  It is similar to the "Public Window Server"
> switch.  Presumably, when you turn this off, the sound port is not accessable
> other than on the local machine.

Correct me if I am wrong, but doesn't "disabling" Public Window Server merely
prevent processes running on other NeXT's (etc...) from openning the display
on my local NeXT and posting a window to it?  I suspect that Public Sound Port
works the same way.  Neither of these "settings" prevents the case where the
snooper on a remote machine "logs in" to my NeXT and runs a process on my NeXT
which attaches to the display or the microphone.  I think this is the situation
that the original poster felt there no defense for.  For me, I don't intend on
letting others run programs on my machine (:-)).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

  Edward McClanahan
  Hewlett Packard Company     -or-     edwardm@cup.hp.com
  Mail Stop 42UN
  11000 Wolfe Road                     Phone: (480)447-5651
  Cupertino, CA  95014                 Fax:   (408)447-5039