On Tuesday, 02/05/2008 at 02:19 EST, David Boyes <[EMAIL PROTECTED]>
wrote:
> Commands exist and are shipped with the OS to examine the spool files
> for other users.
There exists no command that an unprivileged user can use to examine
another's spool files.
> No commands are provided to examine pages written by CP
> for other users. Both can be circumvented if you have access to the disk
> containing the data, but it's a lot harder. Thus the "fairly easy" --
> give your id class B somehow, and you're done.
Such a user has then been explicitly authorized by you, then, to possess
extra powers. It is misleading to attribute to the whole ("it is easy to
access xxxxxx") what applies only to an explicitly selected subset ("it is
easy for a sufficiently privileged user to access xxxxxx"). I don't want
newbies to get a warped sense of the security characteristics of z/VM.
Using the spool to hold data is not a security risk. Choose Linux-based
NJE or use RSCS, but don't use spool as an exclusion criterion (vis a vis
security).
Alan Altmark
z/VM Development
IBM Endicott