My last word on this (at least for now!)
You can lock down Universe so that a UniObjects developer cannot modify or
delete files.
If someone with a genuine commercially sensistive environment would like to
give me a valid user name and password for uniObjects access to their
system, I will
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stevenson,
Charles
Sent: Saturday, 17 December 2005 2:47 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] global catdir question - security hole
David Wolverton
As a 'security risk', has IBM explicitly been asked to fix this item
and said
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stevenson,
Charles
Sent: Saturday, 17 December 2005 2:47 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] global catdir question - security hole
David Wolverton
As a 'security risk', has
As a 'security risk', has IBM explicitly been asked to fix this item and
said they'd prefer just to leave a gaping hole? Or is it like many things,
everyone knows it, but everyone thinks someone else has followed up on it,
and it must just be 'the way it must be'... Remember, IBM does not
David,
BetterBetter [EMAIL PROTECTED] will be actively back in
business starting the second week in January. You could bring this to
IBM through them as well.
- Chuck Security Risk Barouch
David Wolverton wrote:
As a 'security risk', has IBM explicitly been asked to fix this item
David Wolverton
As a 'security risk', has IBM explicitly been asked to fix
this item and said they'd prefer just to leave a gaping hole?
Or is it like many things, everyone knows it, but everyone
thinks someone else has followed up on it, and it must just
be 'the way it must be'...
.
__
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stevenson,
Charles [EMAIL PROTECTED]
Sent: Friday, December 16, 2005 10:47 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] global catdir question - security hole
David Wolverton
I think that this goes back to the issue I tried to raise a couple of months
back but failed to get much interest.
Imagine that I have an employee who has a valid user name and password to
use my uniObjects based application. He is a knowledgeable sort of chap who
goes home and uses uniObjects to
I think you have the answer. Someone would have to gain access into
your system, and having done so, what would be the point of
sabotaging something within universe to do something malicious? They
already have access to your system. If it's someone internal, then I
would imagine your hiring
PROTECTED] On Behalf Of Martin
Phillips [EMAIL PROTECTED]
Sent: Friday, December 16, 2005 12:49 PM
To: u2-users@listserver.u2ug.org
Subject: Re: [U2] global catdir question - security hole
I think that this goes back to the issue I tried to raise a couple of
months
back
PM
To: [EMAIL PROTECTED]; u2-users@listserver.u2ug.org
Subject: RE: [U2] global catdir question - security hole
Nope. I certainly agree it should be fixed. Historically, it was
never high on the to-fix list, but in today's world, it certainly
would be advantageous
I'm not sure there is a security risk if your system is setup correctly.
Your object code needs to be secured so that root only can update.
When you run a program isn't it the sbcs (Shared Basic Code Server) that
updates the run counter? And sbcs would have permissions.
Can someone on the list
@listserver.u2ug.org
Subject: Re: [U2] global catdir question - security hole
I think that this goes back to the issue I tried to raise a couple of months
back but failed to get much interest.
Imagine that I have an employee who has a valid user name and password to
use my uniObjects based
David A. Green wrote:
I'm not sure there is a security risk if your system is setup
correctly.
Your object code needs to be secured so that root only can update.
When you run a program isn't it the sbcs (Shared Basic Code
Server) that updates the run counter? And sbcs would have
It is a security hole, well-known and by design.
From: john reid
I notice that an ls -lt in the u1 /uv /catdir directory
indicates that the *PROGRAM.NAME is updated apparently each
time an execution happens, at least that is what it looks
like to me. Anyone know if or why that is
Well if it wasn't well known it is now.
- Original Message -
From: Stevenson, Charles [EMAIL PROTECTED]
To: u2-users@listserver.u2ug.org
Sent: Thursday, December 15, 2005 9:38 AM
Subject: RE: [U2] global catdir question - security hole
It is a security hole, well-known and by design
16 matches
Mail list logo