Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!bbn!oberon!sargas.usc.edu!tli
From: tli@sargas.usc.edu (Tony Li)
Newsgroups: comp.os.vms
Subject: Re: installed images and security (resent)
Message-ID: <4234@oberon.USC.EDU>
Date: Fri, 28-Aug-87 11:18:46 EDT
Article-I.D.: oberon.4234
Posted: Fri Aug 28 11:18:46 1987
Date-Received: Sun, 30-Aug-87 01:14:19 EDT
References: <8708280950.AA25855@ucbvax.Berkeley.EDU>
Sender: nobody@oberon.USC.EDU
Reply-To: tli@sargas.usc.edu (Tony Li)
Organization: University of Southern California, Los Angeles, CA
Lines: 17

In article <8708280950.AA25855@ucbvax.Berkeley.EDU> DIEHL%iravcl@germany.CSNET (Arno Diehl) writes:

    Using FINGER there *is* a way to read *any* protected file,
    if the directory containing that file allows at least EXECUTE-access.
    (The reason is one of the various SET FILE ... commands)

Would you consider posting either a patch or a workaround please?
Telling us that there is a bug without a diagnosis and patch begs to
have some hacker discover and abuse it.

Thanks,
Tony Li

Tony Li - USC University Computing Services    "Fene mele kiki bobo"
Uucp: oberon!tli                                   -- Joe Isuzu
Bitnet: tli@uscvaxq, tli@ramoth
Internet: tli@sargas.usc.edu