Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!umich!samsung!brutus.cs.uiuc.edu!psuvax1!psuvm!UOTTAWA!PETEHIC
From: PETEHIC@UOTTAWA.BITNET (Pete Hickey)
Newsgroups: bit.listserv.novell
Subject: Re: Netware security problem?
Message-ID: <NOVELL%90020208020777@SUVM.BITNET>
Date: 2 Feb 90 12:55:17 GMT
Sender: Novell LAN Interest Group <NOVELL@SUVM>
Reply-To: Novell LAN Interest Group <NOVELL@SUVM>
Lines: 20
Approved: NETNEWS@PSUVM Gateway
In-Reply-To:  Message of Wed, 31 Jan 90 11:47:33 LCL from <XBR1D65W@DDATHD21>

HaJo,

Your backup program is a VAP, or a special process running on the
server.  When you do a backup, you talk to the VAP, not the novell
server.  A cleaver programmer would be able to also write a program that
would talk to the VAP.  The operations that can be done, however, depend
on the VAP.  If you would let anyone install VAPs on your server, sure
a cleaver programmer could write a VAP that would let him access the
files without having logged on.  You don't, however.  A VAP is a *trusted*
process running on the server.

If you're familiar with Unix, try thinking in terms of a VAP as a
running with the SUID bit on.  Is it secure?

=======================================================================
Pete Hickey                     | Convention says that something funny
University of Ottawa            | goes here.  Its blank because I have
Ottawa, Ontario, CANADA         | nothing funny to say.
(613) 564-7646                  |_____________________________________
    petehic@uotacdvm.uottawa.CA      PETEHIC@UOTTAWA.BITNET