Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!decvax!tektronix!hplabs!sri-unix!RCONN@Simtel20.ARPA From: RCONN@Simtel20.ARPA Newsgroups: net.micro.cpm Subject: [JFORREST: RBBS/ZCPR2] Message-ID: <12219@sri-arpa.UUCP> Date: Wed, 8-Aug-84 13:35:00 EDT Article-I.D.: sri-arpa.12219 Posted: Wed Aug 8 13:35:00 1984 Date-Received: Fri, 10-Aug-84 08:14:22 EDT Lines: 34 From: Richard ConnFYI - this is the message I responded to in my comments about security under ZCPR3. -- Rick Date: Wednesday, 8 August 1984 06:30-MDT From: Jim Forrest To: KPETERSEN at SIMTEL20.ARPA cc: JFORREST at SIMTEL20.ARPA Re: RBBS/ZCPR2 ReSent-From: KPETERSEN@SIMTEL20 ReSent-To: RCONN ReSent-Date: Wed 8 Aug 1984 07:14-MDT Keith Found a serious weakness in security With user areas restricted to 0-9, a user in 0: can type: 11:sweep2 Then can use sweep to go to any user area as it over-rides bye limits I have tried protect and password (whatever correct names are) to no avail. Possibly I have bye set for cpm 2.2 and not zcpr2 or nzcpr2. I am using version of zcpr2 set up for security that eliminates some commands. I was not sure which to use in bye as I had some trouble when I set on zcpr2 or nzpr2. That may be due to difference in max user set with genins and max user set in bye. Jim