Path: utzoo!utgpu!water!watmath!clyde!rutgers!cmcl2!husc6!mailrus!umix!uunet!mcvax!enea!kuling!bmc1!sys_ms
From: sys_ms@bmc1.uu.se
Newsgroups: comp.sys.mac
Subject: Re: some practical AppleShare questions
Message-ID: <1379@bmc1.uu.se>
Date: 20 Mar 88 00:42:45 GMT
References: <567@tnosel.UUCP> <891@aucs.UUCP> <7603@apple.Apple.Com>
Lines: 29
Organisation: Biomedical Center, University of Uppsala, Sweden

In article <7603@apple.Apple.Com>, lsr@Apple.COM (Larry Rosenstein) writes:
> In article <891@aucs.UUCP> peter@aucs.UUCP (Peter Steele) writes:
> 
>>But will it protect users from each other? I thinking primarily
>>of a (hostile) student environment where there's always at least
>>one student who would love to go around wrecking havoc on the
> 
> AppleShare 1.0 & 1.1 did have a problem where a malicious user could steal
> someone's folder.  Even though s/he couldn't open the folder s/he could
> prevent the legitmate owner from gaining access as well.
> 
> AppleShare 2.0, which was recently announced, allows the owner of a folder
> to set a flag prohibiting it from being moved, which prevents the folder
> from being held hostage.
> 
> Are there other ways in which a malicious user can cause problems with
> AppleShare? 

There are a very easy way to bypass Appleshares security mechanism, and
gain access to every folder on the system. Without hacking passwords
and without access to the main machine. I am not sure wich version of 
Appleshare I discovered this on. I could check it up.

	Mats Sundvall
	BMC
	University of Uppsala
	Sweden

	mats@bmc1.uu.se