|
The Question is:
How can a user with the impersonate privilege use it to take over another
UIC ?
The Answer is :
The OpenVMS Wizard is not in a position to discuss the particulars of
how privileges can be misused -- suffice it to say that the IMPERSONATE
privilege (formerly known as the DETACH privilege) is documented and is
expected to allow a user to access the files and the objects owned by
any other user, and thus IMPERSONATE is an all-powerful privilege. The
IMPERSONATE privilege is equivilent to other heavy privileges such as the
PHY_IO and SETPRV; any "all-class" privilege can be directly (mis)used to
gain full OpenVMS system access.
|
