Subject: [JFORREST: RBBS/ZCPR2]

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>

Date   : Wed, 08 Aug 1984 11:35:00 MDT (Wed)
From   : Richard Conn <RCONN@Simtel20.ARPA>
Subject: [JFORREST: RBBS/ZCPR2]

FYI - this is the message I responded to in my comments about security
under ZCPR3. -- Rick

Date: Wednesday, 8 August 1984  06:30-MDT
From: Jim Forrest <JFORREST at SIMTEL20.ARPA>
To:   KPETERSEN at SIMTEL20.ARPA
cc:   JFORREST at SIMTEL20.ARPA
Re:   RBBS/ZCPR2
ReSent-From: KPETERSEN@SIMTEL20
ReSent-To: RCONN
ReSent-Date: Wed 8 Aug 1984 07:14-MDT

Keith

Found a serious weakness in security

With user areas restricted to 0-9, a user in 0: can type:

11:sweep2<ret>

Then can use sweep to go to any user area as it over-rides bye limits

I have tried protect and password (whatever correct names are) to no
avail.

Possibly I have bye set for cpm 2.2 and not zcpr2 or nzcpr2. I am
using version of zcpr2 set up for security that eliminates some
commands. I was not sure which to use in bye as I had some trouble
when I set on zcpr2 or nzpr2. That may be due to difference in max
user set with genins and max user set in bye.

Jim

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>