Newsgroups: comp.admin.policy
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!csn!cherokee!newsat!jbw
From: jbw@maverick.uswest.com (Joe Wells)
Subject: running COPS without asking (was: SUSPEND SYSOPS, NOT STUDENTS)
In-Reply-To: marchany@vtserf.cc.vt.edu's message of 21 Jun 91 14: 34:17 GMT
Message-ID: <JBW.91Jun24215426@maverick.uswest.com>
Sender: news@cherokee.uswest.com (Telegraph Row)
Nntp-Posting-Host: maverick.uswest.com
Organization: U S West Advanced Technologies
References: <CKD.91Jun17111320@eff.org>
	<FWP1.91Jun17194213@Jester.CC.MsState.Edu>
	<JBW.91Jun20202101@maverick.uswest.com> <1948@vtserf.cc.vt.edu>
Date: Tue, 25 Jun 1991 04:54:26 GMT

In article <1948@vtserf.cc.vt.edu> marchany@vtserf.cc.vt.edu (Randy Marchany) writes:

   Really now. This whole issue has gone far enough. There is NO problem
   with users "checking" system security IF they advise the sysadmin BEFORE
   they do it AND, I repeat, AND it is permissible under the site's
   existing policy.

So users on a Unix system are not allowed to apply the Unix "stat" system
call to files which are normally reachable via the "stat" system call.
And the "read" system call to files which are normally accessible via the
"read" system call.  Bizarre!

   The IETF working group on Site Security Policies specifically mentions
   that individual sites need to make a decision on how to handle "tiger
   teams" (after all, this is really what this particular discussion has
   been about... a tiger team of 1).

A tiger team of 1 employing the *dangerous* "stat" and "read" system
calls.  Scary!  :-) :-) :-)

-- 
Joe Wells <jbw@uswest.com>
