
  1. Newsgroups: comp.os.vms
  2. Path: sparky!uunet!cs.utexas.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!ux1.cso.uiuc.edu!news.cso.uiuc.edu!jsue
  3. From: jsue@ncsa.uiuc.edu (Jeffrey L. Sue)
  4. Subject: Re: HELP!!! Security problem for gurus.
  5. References: <Bz1nrE.ALq@unx.sas.com> <1992Dec19.025940.1@us.oracle.com> <1992Dec22.161918.9033@ncsa.uiuc.edu>
  6. Message-ID: <1992Dec22.184359.20436@ncsa.uiuc.edu>
  7. Originator: jsue@mars.ncsa.uiuc.edu
  8. Sender: usenet@news.cso.uiuc.edu (Net Noise owner)
  9. Organization: The Dow Chemical Company
  10. Date: Tue, 22 Dec 1992 18:43:59 GMT
  11. Keywords: hack security files-11 protection
  12. Lines: 130
  13.  
  14. This is strange, following up my own post, but I made some statements that
  15. weren't entirely correct.  After more testing, here are my results:
  16.  
  17. In article <1992Dec22.161918.9033@ncsa.uiuc.edu> jsue@ncsa.uiuc.edu (Jeffrey L. Sue) writes:
  18. >
  19. >I want to warn anyone using "unsupported" VMS techniques like putting the
  20. >directory below 8 levels deep, renaming the .DIR to something else (e.g.,
  21. >.DAT), or completely munging the directory.
  22. >
  23. >If this information is important to you, then just realize that VMS BACKUP
  24. >will "lose" this information in the event of a full disk restore.  Also,
  25. >ANALYZE/DISK/REPAIR (before or after the restore) will place these files
  26. >in [SYSLOST].
  27.  
  28. NOTE: Neither ANALYZE/DISK/REPAIR nor VMS BACKUP "lost" the files
  29.     in my example.  They were in the saveset, with "[]" as the directory.
  30.  
  31. >
  32. >Just to see what would happen, I used my V5.5-2 system to create a directory
  33. >16 levels deep and created a file in it.  This is [X1...X16]XXXX.XXXX
  34. >
  35. >Also, I created [YY]TEST1.DAT and then renamed yy.dir to ZZ.DAT.  Here is
  36. >the backup listing that resulted.
  37. >
  38. >*********************
  39. >Listing of save set(s)
  40. >
  41. >Save set:          X.BAK
  42. >Written by:        S084349
  43. >UIC:               [000001,000005]
  44. >Date:              22-DEC-1992 11:02:20.98
  45. >Command:           BACKUP/IMAGE DISK$VUSER2: DISK$VUSER1:[000000]X.BAK/SAVE
  46. >Operating system:  VAX/VMS version V5.5
  47. >BACKUP version:    V5.5-2
  48. >CPU ID register:   13000202
  49. >Node name:         _CRVS02::
  50. >Written on:        _$1$DKA200:
  51. >Block size:        32256
  52. >Group size:        10
  53. >Buffer count:      116
  54. >
  55. >Image save of volume set
  56. >Number of volumes: 1
  57. >
  58. >Volume attributes
  59. >Structure level:   2
  60. >Label:             VUSER2
  61. >Owner:
  62. >Owner UIC:         [000001,000004]
  63. >Creation date:      9-DEC-1992 07:39:39.87
  64. >Total blocks:      1316751
  65. >Access count:      3
  66. >Cluster size:      3
  67. >Data check:        No Read, No Write
  68. >Extension size:    5
  69. >File protection:   System:RWED, Owner:RWED, Group:RE, World:
  70. >Maximum files:     164593
  71. >Volume protection: System:RWCD, Owner:RWCD, Group:RWCD, World:RWCD
  72. >Windows:           16
  73. >Minimum retention:   30 00:00:00.00
  74. >Maximum retention:   30 00:00:00.00
  75. >
  76. >[000000]BACKUP.SYS;1                                      0   9-DEC-1992 07:39
  77. >[000000]BADBLK.SYS;1                                      0   9-DEC-1992 07:39
  78. >[000000]BADLOG.SYS;1                                      0   9-DEC-1992 07:39
  79. >[000000]BITMAP.SYS;1                                    109   9-DEC-1992 07:39
  80. >[000000]CONTIN.SYS;1                                      0   9-DEC-1992 07:39
  81. >[000000]CORIMG.SYS;1                                      0   9-DEC-1992 07:39
  82. >[000000]DEFRAG.DIR;1                                      1  12-DEC-1992 14:36
  83. >[DEFRAG]$1$DKA0_PIC.LIS;1                                13  12-DEC-1992 15:33
  84. >[DEFRAG]$1$DKA200_PIC.LIS;1                              10  12-DEC-1992 16:56
  85. >[000000]INDEXF.SYS;1                                   1062   9-DEC-1992 07:39
  86. >[000000]OFFLOAD.DIR;1                                     1  12-DEC-1992 14:41
  87. >[000000]PATCHES.DIR;1                                     1  10-DEC-1992 09:08
  88. >[000000]SCR.DIR;1                                         1  12-DEC-1992 14:41
  89. >[000000]SYSLOST.DIR;1                                     1   9-DEC-1992 07:39
  90. >[000000]VOLSET.SYS;1                                      0   9-DEC-1992 07:39
  91. >[000000]X1.DIR;1                                          1  22-DEC-1992 10:48
  92. >[X1]X2.DIR;1                                              1  22-DEC-1992 10:48
  93. >[X1.X2]X3.DIR;1                                           1  22-DEC-1992 10:48
  94. >[X1.X2.X3]X4.DIR;1                                        1  22-DEC-1992 10:48
  95. >[X1.X2.X3.X4]X5.DIR;1                                     1  22-DEC-1992 10:48
  96. >[X1.X2.X3.X4.X5]X6.DIR;1                                  1  22-DEC-1992 10:48
  97. >[X1.X2.X3.X4.X5.X6]X7.DIR;1                               1  22-DEC-1992 10:48
  98. >[X1.X2.X3.X4.X5.X6.X7]X8.DIR;1                            1  22-DEC-1992 10:48
  99. >[X1.X2.X3.X4.X5.X6.X7]X9.DIR;1                            1  22-DEC-1992 10:50
  100. >[X1.X2.X3.X4.X5.X6.X7.X9]X10.DIR;1                        1  22-DEC-1992 10:50
  101. >[000000]ZZ.DAT;1                                          1  22-DEC-1992 11:01
  102. >[]000000.DIR;1                                            2   9-DEC-1992 07:39
  103. >[]TEST1.DAT;1                                             1  22-DEC-1992 11:01
  104. >[]X11.DIR;1                                               1  22-DEC-1992 10:50
  105. >[]X12.DIR;1                                               1  22-DEC-1992 10:50
  106. >[]X13.DIR;1                                               1  22-DEC-1992 10:50
  107. >[]X14.DIR;1                                               1  22-DEC-1992 10:50
  108. >[]X15.DIR;1                                               1  22-DEC-1992 10:50
  109. >[]X16.DIR;1                                               1  22-DEC-1992 10:50
  110. >[]XXXX.XXXX;1                                             1  22-DEC-1992 10:50
  111. >
  112. >Total of 35 files, 1220 blocks
  113. >End of save set
  114. >
  115. >**************************************
  116. >NOTE:  All files and directories will not be restored correctly if a disk
  117. >    problem occurs.
  118. >
  119.  
  120. My NOTE above is completely incorrect.  All files and directories are
  121. restored during a full disk restore (BACKUP/IMAGE restore).  However,
  122. if a backup /SELECT=[mydir...] were performed to restore my files,
  123. then the files hidden will not be restored.  This effectively breaks
  124. things like SLS or TAPESYS, which depend on the listing and /SELECT
  125. qualifiers to find and restore files.
  126.  
  127. The surprising thing to me is that using directory levels below X9 does
  128. not cause any errors!  Not even ANALYZE/DISK/REPAIR will point them out.
  129. This does create a neat way to hide files; however, anyone who has privs enough
  130. to look around in my directory can also see that I have .DIR files at level
  131. 9 and define the necessary logical to start looking in there as well.  In
  132. fact, it might even be more obvious to such a person that I have something
  133. to hide, since he/she can merely do a DIRECTORY:[*.*.*.*.*.*.*.*.*] just to
  134. see if anything shows up.
  135.  
  136. My definite favorite is using the MAIL$bignumber.MAI to hide them.
  137. Nothing's better than hiding in plain sight.
  138.  
  139.  
  140. -- 
  141. -----
  142. Jeff Sue   
  143.  - All opinions are mine -       (and you can't have any, nya nya nya)
  144.
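An added example, not part of the original post: a Python check over a BACKUP listing that flags the two things the post describes, entries listed with an empty `[]` directory and `.DIR` files sitting below the eighth level, and shows which entries a directory-based selection would reach. The function names, the 8-level constant, the exclusion of `000000.DIR`, and the simplified prefix model of `/SELECT=[top...]` are assumptions made for illustration; the sample is a subset of the listing quoted above with the quote markers removed.

```python
import re

# Constructed sample: lines copied from the listing in the post, ">" removed.
SAMPLE = """\
[000000]X1.DIR;1                                          1  22-DEC-1992 10:48
[X1.X2.X3.X4.X5.X6.X7]X8.DIR;1                            1  22-DEC-1992 10:48
[X1.X2.X3.X4.X5.X6.X7]X9.DIR;1                            1  22-DEC-1992 10:50
[X1.X2.X3.X4.X5.X6.X7.X9]X10.DIR;1                        1  22-DEC-1992 10:50
[000000]ZZ.DAT;1                                          1  22-DEC-1992 11:01
[]000000.DIR;1                                            2   9-DEC-1992 07:39
[]TEST1.DAT;1                                             1  22-DEC-1992 11:01
[]X11.DIR;1                                               1  22-DEC-1992 10:50
[]XXXX.XXXX;1                                             1  22-DEC-1992 10:50
"""

# [directory]name;version  blocks  date time  (an optional leading ">" is accepted)
ENTRY = re.compile(r"^>?\s*\[([^\]]*)\]([^;\s]+);(\d+)\s+(\d+)\s+(\S+ \S+)\s*$")
MAX_DEPTH = 8  # assumption: the 8 directory levels the post treats as supported


def parse(listing):
    """Return one dict per file line; header lines of the listing are skipped."""
    entries = []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"dir": m.group(1), "name": m.group(2),
                            "blocks": int(m.group(4))})
    return entries


def audit(entries):
    """Flag files with no directory path and directories below MAX_DEPTH."""
    # 000000.DIR (the master file directory) is excluded as expected noise.
    unrooted = [e["name"] for e in entries
                if e["dir"] == "" and e["name"] != "000000.DIR"]
    too_deep = [f'[{e["dir"]}]{e["name"]}' for e in entries
                if e["name"].endswith(".DIR") and e["dir"] not in ("", "000000")
                and len(e["dir"].split(".")) >= MAX_DEPTH]
    return unrooted, too_deep


def reachable_by_select(entries, top):
    """Simplified model of /SELECT=[top...]: match the listed directory string."""
    return [e["name"] for e in entries
            if e["dir"] == top or e["dir"].startswith(top + ".")]
```

Run against a full listing, anything in the first list is a file that a listing-driven restore tool cannot locate by directory, which is the SLS/TAPESYS problem the post raises.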