HP OpenVMS Systems

ask the wizard
Content starts here

IMPERSONATE (DETACH) and other heavy privileges?

» close window

The Question is:

How can a user with the impersonate privilege use it to take over another

The Answer is :

  The OpenVMS Wizard is not in a position to discuss the particulars of
  how privileges can be misused -- suffice it to say that the IMPERSONATE
  privilege (formerly known as the DETACH privilege) is documented and is
  expected to allow a user to access the files and the objects owned by
  any other user, and thus IMPERSONATE is an all-powerful privilege.  The
  IMPERSONATE privilege is equivilent to other heavy privileges such as the
  PHY_IO and SETPRV; any "all-class" privilege can be directly (mis)used to
  gain full OpenVMS system access.

answer written or last revised on ( 7-AUG-2000 )

» close window