[HECnet] Disallow system from dz lines (OpenVMS/VAX 7.3)
Brian Hechinger
wonko at 4amlunch.net
Mon Dec 20 01:31:13 PST 2021
Hopped on for a minute. Fun! 4.3 BSD was my first unix experience. (Not
on a VAX though, on an IBM RT PC).
Thanks for the nostalgia!
-brian
On 19/12/21 23:18, Supratim Sanyal wrote:
> BTW Josh Dersch (I don’t know if he is here) posted this on Facebook.
> I logged in and couldn’t resist dropping a shell script to telnet to
> my DZ. that’s the driver for this sudden worry about security.
>
> “ It was getting cold here in the basement today so I fired up the
> 11/750, running 4.3bsd-quasijarus. If anyone wants to play around
> with it, ssh to vax750 at yahozna.dyndns.org (pw: vax750) and then login
> again as "guest"... tell your friends!”
>
>
> ---
> Supratim Sanyal, W1XMT
> QCOCAL::SANYAL via HECnet <http://www.update.uu.se/~bqt/hecnet.html>
>
>
>> On Dec 19, 2021, at 6:07 PM, Johnny Billquist <bqt at softjar.se> wrote:
>>
>> And by the way, I would really just change what hours you are
>> allowed to log in as local. I wouldn't start mucking about with the
>> line attributes.
>>
>> Also, I'd create a second user with SETPRV, and then you can mess up
>> SYSTEM as much as you want. Then it's easy to recover with your other
>> user.
>>
>> Johnny
>>
>> On 2021-12-20 00:05, Johnny Billquist wrote:
>>> I think the console is *always* possible to log in on, no matter
>>> what else you do.
>>> And beyond that, you can always also just break into the system at
>>> boot on the console, and change accounting information. So it's
>>> always recoverable.
>>> Johnny
>>> On 2021-12-20 00:02, Supratim Sanyal wrote:
>>>> Ok. A couple of things to try. Wanted a confidence boost to not
>>>> lock myself out. Thanks.
>>>>
>>>>> On Dec 19, 2021, at 5:49 PM, Johnny Billquist <bqt at softjar.se> wrote:
>>>>>
>>>>> Yes, or /REMOTE... But, by default, a DZ line would be classified
>>>>> as local. If you set them as remote or dialup, it should also
>>>>> start playing with modem signalling...
>>>>>
>>>>> Johnny
>>>>>
>>>>>> On 2021-12-19 23:47, Keith Halewood wrote:
>>>>>> Don’t you just set the line characteristics with
>>>>>> SET TERM/DIALUP TT….. and that’s classed as non-local?
>>>>>> K
>>>>>>>> On 19 Dec 2021, at 22:39, Johnny Billquist <bqt at softjar.se> wrote:
>>>>>>>
>>>>>>> Uh... You do understand what the line "local" means, right?
>>>>>>> That's what your DZ lines normally would be classified as.
>>>>>>>
>>>>>>> Johnny
>>>>>>>
>>>>>>>> On 2021-12-19 23:23, Supratim Sanyal wrote:
>>>>>>>> OpenVMS VAX 7.3: This stops remote logins to SYSTEM even if
>>>>>>>> correct password is provided (works for set host and telnet
>>>>>>>> with Digital TCP/IP, though my version of MULTINET does not
>>>>>>>> honor it).
>>>>>>>> Is there a way to deny SYSTEM account access when correct
>>>>>>>> password is provided from DZ lines?
>>>>>>>> Network: ----- No access ------ ----- No access
>>>>>>>> ------
>>>>>>>> Batch: ##### Full access ###### ##### Full access
>>>>>>>> ######
>>>>>>>> Local: ##### Full access ###### ##### Full access
>>>>>>>> ######
>>>>>>>> Dialup: ----- No access ------ ----- No access
>>>>>>>> ------
>>>>>>>> Remote: ----- No access ------ ----- No access
>>>>>>>> ------
>>>>>>>> Thank you.
>>>>>>>> Supratim
>>>>>>>
>>>>>>> --
>>>>>>> Johnny Billquist || "I'm on a bus
>>>>>>> || on a psychedelic trip
>>>>>>> email: bqt at softjar.se || Reading murder books
>>>>>>> pdp is alive! || tryin' to stay hip" - B. Idol
>>>>>
>>>>> --
>>>>> Johnny Billquist || "I'm on a bus
>>>>> || on a psychedelic trip
>>>>> email: bqt at softjar.se || Reading murder books
>>>>> pdp is alive! || tryin' to stay hip" - B. Idol
>>
>> --
>> Johnny Billquist || "I'm on a bus
>> || on a psychedelic trip
>> email: bqt at softjar.se || Reading murder books
>> pdp is alive! || tryin' to stay hip" - B. Idol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sonic.net/mailman/private/hecnet-list/attachments/20211220/0749afaa/attachment-0001.htm>
More information about the Hecnet-list
mailing list