Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!mgnetp!ihnp4!houxm!houxz!vax135!cornell!uw-beaver!tektronix!hplabs!sri-unix!RCONN@Simtel20.ARPA
From: RCONN@Simtel20.ARPA
Newsgroups: net.micro.cpm
Subject: BYE & RBBS35 Info Needed
Message-ID: <146@sri-arpa.UUCP>
Date: Wed, 18-Jul-84 23:25:00 EDT
Article-I.D.: sri-arpa.146
Posted: Wed Jul 18 23:25:00 1984
Date-Received: Sat, 21-Jul-84 03:59:43 EDT
Lines: 29

From:  Richard Conn <RCONN@Simtel20.ARPA>

	Not meaning to sound like a broken record (squeek, squeek),
but ...

	ZCPR3 solves that problem cleanly.  A system can be made
secure under ZCPR3 by disabling the DU form and enabling only the DIR
form.  Passwords are then assigned to each key directory, and all
commands along the path are either "safe" or wheel-byte protected
(PATH itself will only run if the wheel byte is set).  Then, a user
cannot: (1) see a protected disk dir or (2) TYPE a file, PRINT a file,
or do anything with any file in a protected disk dir without giving
the password for that dir!  See the section on secure systems in
the User's Perspective.  I am excited about this concept and am fairly
sure it can't be broken without internal knowledge of the target
system.

	If anyone can find a way to break this, let me know.

	In the way of example, note that the DU form is disabled.
This means that you cannot issue the command TYPE A7: or anything like
that.  You MUST use the DIR: form, so if you say TYPE SYSROOT:, ZCPR3
will see the PW entry for SYSROOT and prompt the user for a PW.  If no
match, SYSROOT is expanded as his current dir instead, and the command
runs there!

	Hope this helps.

		Rick