Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!wuarchive!uunet!mcsun!tuvie!mike From: mike@vlsivie.tuwien.ac.at (Michael K. Gschwind) Newsgroups: comp.sys.apollo Subject: Re: Apollo problem list / tirade... Message-ID: <2347@tuvie.UUCP> Date: 26 Feb 91 12:57:39 GMT References: <9102252009.AA09593@hwcae.cfsat.honeywell.com> Sender: news@tuvie.UUCP Organization: Vienna University of Technology Lines: 41 In article <9102252009.AA09593@hwcae.cfsat.honeywell.com> davidy@hwcae.cfsat.honeywell.com (David Young) writes: |>>> Problem List: |>>> |>>> > H52) lack of file system security for Domain/OS files on systems in a |>>> > supposedly "closed" environment. |>>> > [Apollo response: use 'inprot'; the problem with this is that you must |>>> > supply a script of what to change and how - if I knew what needed to be |>>> > changed, and to what ACL's, I would have already done it] APR # dc6fa. |>>> True. A boilerplate was promised at 10.2. It never showed up. I have a |>>> 12 page template that does a pretty good job (though we don't get paranoid). |>>> HP/APOLLO : I WANT A TEMPLATE!!!! |>>> |>>> > N41) a complete set of file and directory ACL's is needed to properly |>>> > configure the file system, as these are not set correctly or consistently |>>> > by the installation procedure. |>>> > [Apollo response: will not be done before SR11] Call # 254175, APR # |>>> > dcd46. |>>> Agreed, but it's "deja vu" time. See H52. |> |>But there is a template file! Read the release notes: |> |> 2.5.3 New Template File for ACLs |> |>The template file *also* comes with the SR10.3 RAI tapes. At least its a start! The template files supplied by Hpollo are no good. Look at your node_data directory. It's probably writeable. Just about any APollo systems I have seen has writeable node_data directories. Remember: if you can write one component of the pathname, you can change all files below it. Now look what's in node_data and panic! no specifics + bye, mike Michael K. Gschwind, Institute for VLSI-Design, Vienna University of Technology mike@vlsivie.tuwien.ac.at 1-2-3-4 kick the lawsuits out the door mike@vlsivie.uucp 5-6-7-8 innovate don't litigate e182202@awituw01.bitnet 9-A-B-C interfaces should be free Voice: (++43).1.58801 8144 D-E-F-O look and feel has got to go! Fax: (++43).1.569697 Brought to you by Super Global Mega Corp .com