Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!ames!ucbcad!ucbvax!uwmacc.UUCP!dorl
From: dorl@uwmacc.UUCP.UUCP
Newsgroups: mod.computers.vax
Subject: Submission for mod-computers-vax
Message-ID: <8703301747.AA28949@unix.macc.wisc.edu>
Date: Mon, 30-Mar-87 12:47:03 EST
Article-I.D.: unix.8703301747.AA28949
Posted: Mon Mar 30 12:47:03 1987
Date-Received: Wed, 1-Apr-87 06:09:24 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 24
Approved: info-vax@sri-kl.arpa

Path: uwmacc!dorl
From: dorl@uwmacc.UUCP (Michael Dorl)
Newsgroups: mod.computers.vax
Subject: VMS Logical Names, Bypass Priv, and Security
Message-ID: <1309@uwmacc.UUCP>
Date: 30 Mar 87 17:47:03 GMT
Organization: UWisconsin-Madison Academic Comp Center
Lines: 15

Can some one point me to a guide on secure use of the bypass privilege?
I want to write a privileged program to access a file, for example
SYS$SYSTEM:WHATEVER.DAT.  What keeps a user from redefining SYS$SYSTEM
to point to some other directory and then running the program so that
it accesses the wrong file?

I also want to access a file from a privileged program as if I were
some user other than the one running the program.  In other words,
user A runs the program and asks to do something that requires updating
file F.  The program knows this is ok if user B could do the same thing
to file F without any special privileges.  What does the program do to
determine this?

Mike Dorl
dorl@unix.macc.wisc.edu