Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!kuhub.cc.ukans.edu!caen!hellgate.utah.edu!fcom.cc.utah.edu!npd.novell.com!newsun!keith
From: keith@ca.excelan.com (Keith Brown)
Newsgroups: comp.sys.novell
Subject: Re: Security
Message-ID: <1991Apr30.201436.20973@novell.com>
Date: 8 May 91 06:02:23 GMT
Sender: news@novell.com (
Lines: 27

The News Manager)
Nntp-Posting-Host: ca
Reply-To: keith@ca.excelan.com (Keith Brown)
Organization: Novell, Inc. San Jose, California
References: <"910426181402.75470.3414.EHL28-1"@CompuServe.COM> <11467@uwm.edu>
Date: Tue, 30 Apr 1991 20:14:36 GMT

In article <11467@uwm.edu> jeffd@csd4.csd.uwm.edu (Jeffrey Alan Ding) writes:
>Add Supervisor to the managed users or groups field for your name.  That
>way, you can make yourself a supervisor any time you want. 
>.........
>This is a grave bug in security if you ask me, cause nothing reveals it
>and the only way you can find out is to look at every user individually.
>

Don't forget that you have to be SUPERVISOR (or equivalent) to add any
managed users to an accounts flock so this is hardly a "grave bug in
security".  You are however correct in pointing out that the security
checker should probably rat on users who have SUPERVISOR as a managed
account.

I'll suggest this internally and take the credit for having thought of it.

Thanks..... :-)
Keith
-
Keith Brown                                      Phone: (408) 473 8308
Novell San Jose Development Centre               Fax:   (408) 433 0775
2180 Fortune Dr, San Jose, California 95131      Net:   keith@novell.COM