Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!watmath!clyde!burl!ulysses!cbosgd!ucbvax!info-vax
From: DEGROOT@HWALHW5.BITNET
Newsgroups: mod.computers.vax
Subject: SECURITY, SCRATCH_AREA, SET FILE/ENTER
Message-ID: <8511190818.AA17153@ucbvax.berkeley.edu>
Date: Tue, 19-Nov-85 03:18:39 EST
Article-I.D.: ucbvax.8511190818.AA17153
Posted: Tue Nov 19 03:18:39 1985
Date-Received: Thu, 21-Nov-85 04:20:28 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 28
Approved: info-vax@sri-kl.arpa

In order to give our users (temporary) more file-storage we implemented the
following procedure on our VAX-cluster (VAX/VMS 4.1):

1.      We created a directory SCRATCH.DIR on the system disk
        where no diskquota is enabled.
2.      The users may execute a command-procedure which creates a subdirectory
        in that area giving them 'unlimited' scratch-space on the system-disk.
3.      Once a week after system-maintenance just before we reboot the system
        we execute a command-procedure with privs on to clear that area.

That procedure runned fine until one of our users found out about the command:
        $ SET FILE/ENTER=TEST.DAT SYS$MANAGER:some-file
That user couldn't do anything to the files he pointed to that way
but our delete-procedure could and did!! The effect is that you remove the tyres
of a car running at 100 miles/hour!

I have some questions:

1.      Is there a better way to implement a scratch-area without reserving
        an extra disk or go through the burden of creating an entry
        with DISKQUOTA for every user?
2.      Is there a way to require some privs for the use of the command
        $ SET FILE/ENTER ?

By the way: I am convinced that it is always better to publish security-related
stuff in INFO-VAX than to have our hackers find out before we know.

                .KeesdeGroot    (DEGROOT@HWALHW5.BITNET)