Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site gwsd.UUCP
Path: utzoo!watmath!clyde!cbosgd!cbdkc1!desoto!packard!ihnp1!ihnp4!qantel!hplabs!sdcrdcf!sdcsvax!gwsd!revc
From: revc@.UUCP (Bob Van Cleef)
Newsgroups: net.micro.att
Subject: pc7300 security
Message-ID: <141@.UUCP>
Date: Mon, 29-Jul-85 18:01:52 EDT
Article-I.D.: .141
Posted: Mon Jul 29 18:01:52 1985
Date-Received: Sat, 3-Aug-85 03:59:19 EDT
Organization: Gateway Computer Systems, San Diego
Lines: 26
Keywords: 7300 security user-agent
Summary: pc7300 has major security problems

There appears to be a lack of concern about security in the current
implementation of the pc7300 User Agent.

  	If you are a "EXPERT USER" as defined by the User Agent,
	you can add and delete users, cancel print jobs, and 
	basically have a good time.  Any "EXPERT USER" has full
	access to all of the system administrative functions.

You can control this to a certain extent by defining an account to
be a non-expert, but a NON-EXPERT CAN REDEFINE THEMSELVES TO BE
AN EXPERT!!!

Also, you cannot isolate authority to access Unix (which has all of
the normal security features) from having access to system administration,
which has NO security.  If you are concerned about the destructive
effects of a non-expert user that likes to "try things" then you
must not allow them access to the User Agent at all!

Comments?
---------
Note: You can login as root from all ports, including the modem.
-- 
Bob Van Cleef			...sdcsvax!gwsd!revc
Gateway Computer Systems	 (619) 457-2701
4980 Carroll Canyon Road
San Diego, CA 92121
#! rne