On Wednesday, 02/06/2008 at 07:08 EST, David Boyes <[EMAIL PROTECTED]> wrote: > On 2/6/08 2:47 AM, "Alan Altmark" <[EMAIL PROTECTED]> wrote: > > > On Tuesday, 02/05/2008 at 02:19 EST, David Boyes <[EMAIL PROTECTED]> > > wrote: > > > >> Commands exist and are shipped with the OS to examine the spool files > >> for other users. > > > > There exists no command that an unprivileged user can use to examine > > anothers' spool files. > > I don't recall ever claiming that unprivileged users *could*. Where'd you > get that idea? Maybe that's the root of the disconnect here.
Yes, that's what the issue is. I got the idea because you didn't qualify your claim, making it appear as if anyone with enough *knowledge* could see someone else's spool files. While that is necessary, it is definitely not sufficient. > > Using the spool to hold data is not a security risk. > > Assuming you trust your privileged users completely. More exposures are > inside jobs than any risk of external exposure. Stop moving the cheese! :-) If you do not trust your sysadmins, then all is lost. At z/VM's level of certification, the explicit claim in the protection profiles is for "no evil admin". There are higher levels of security that introduce "trust metrics" (I trust you this far and no further) and two-key operations. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
