home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!dtix!darwin.sura.net!gatech!usenet.ins.cwru.edu!agate!ucbvax!ELROS.STG.TRW.COM!powers
- From: powers@ELROS.STG.TRW.COM
- Newsgroups: comp.os.vms
- Subject: RE: Getting rid of SMB_SECURITY once and for all ?
- Message-ID: <00965c66.12618940.15752@elros.stg.trw.com>
- Date: 29 Dec 92 02:26:36 GMT
- Sender: daemon@ucbvax.BERKELEY.EDU
- Organization: The Internet
- Lines: 31
-
-
- Dr Bernhard Fabricius:
- > I seem to spend most of my "consultancy" time telling people how
- > to let user ? on machine X.Y.Z.Q display on DECwindows/Motif displays, and
- > am rapidly coming 'round to the opinion that the Session Manager's "Security"
- > feature is the most useless invention since the Electric Nostril Hair Remover.
- [etc]
- > I was wondering if there is a way
- > to tell the server not to check "Security" at all, ie let all connections in
-
- Just one little note. DECwindows and DECwindows/Motif are both implementations
- of X-windows. Over in the computer security newsgroups on Usenet Netnews,
- there has been a recent flurry of discussion about flaws in X-windows that
- allow just anybody to read and write anything they want on your X-windows
- screen, like, oh, reading your password, and entering commands on your
- behalf to delete all of your files. That is, IF windows security is done
- sloppily.
-
- The gossip is that, if you are sloppy, and if I wanted to, I could destroy
- your X-windows/DECwindows world in Australia from right here in my home in
- southern California U.S.A. easy as pie.
-
- To be sure, the X-windows flaws being discussed are Eunuchs-based, but then
- again DECwindows is also X-windows under another name. So, maybe the risk
- goes right across operating systems. Maybe not. Is convenience worth the
- risk? Not on my system. I think I'll just delete my own files myself in my
- own good time, thank you.
-
- Lester Powers
- powers@elros.stg.trw.com
- (inbound E-mail nameservers clobbered for the holidays)
-
