SuperUser ID's

From: Ethan Dicks <>
Date: Fri Nov 5 11:33:58 1999

--- wrote:
> As memory (dimly) serves me, under VMS, any userid with "SETPRV"
> capabilities

Oh, yeah. That's the ticket!

> would do it. There were some other privileges, that, if carelessly granted,
> could enable a user to gain control of a system. IIRC, SYSNAM was one of
> them.

My "favorites" are BYPASS and CMKRNL. BYPASS does just that: bypasses all
UIC-based checking - reads, writes, deletes, etc. It's handy when you need
to delete a directory tree, but it's a dangerous one to leave on by default.
My typical scheme is to leave BYPASS _disabled_ for the SYSTEM account as a
default priv. CMKRNL allows your process to execute a "change mode to kernel"
call, which allows you to read and write physical memory. With this priv,
a malicious programmer can write code to peek at the process headers of other
processes on the system (like a "who" command would) or even tweak their own
header bits, possibly granting themselves permissions or changing their
effective user name. I used to have programs in C and FORTRAN to do all these
things, but they only work on pre-VMS-5 releases (and I didn't write them; I
inherited them when I took over a VAX-11/750 w/Fuji Eagle, running VMS 4.2
about 13 years ago).


Infinet has been sold. The domain is going away in February.
Please send all replies to
Received on Fri Nov 05 1999 - 11:33:58 GMT

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:32:28 BST