"Miscioscia, George M" wrote: > > Spectrum users, > > This statement is not entirely true... > > "The writable directories include those containing the Spectrum executables, > at least one of which is, and apparently must be, run as "root" during > normal operation of the product." > > Although certain directories are made writable, the SpectroSERVER executable > need only run once as "root". It is a suggested practice to create your > Spectrum "Administrators" and "Operators" during this initial running. Once > done, shut down the SpectroSERVER and then restart it as a Spectrum > "Administrator". Open the User Editor and destroy the "root" user > immediately. There is no need for its presence anymore. The same holds > true for Windows NT, destroy the "Administrator" model from the > SpectroSERVER database. > > I was told once by a wise man that there is no such thing as computer > security. The only thing that you can do is try to make it as difficult as > possible for someone to gain access. The only true way to secure a computer > is to shut it off and lock it in a closet. > Maybe. But cabletron isn't even trying. The default access permissions on the directories are a complete disaster. So ok, you don't run as root, but the spectrum user is wide open to manipulation. We basically decided not to allow ANY users (except the system administrator) shell access on the spectrum machine due to this. For another laugh, just telnet to the spectrum API port. You end up with a corrupted spectrum (last tested in version 4).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:48 PDT