ADSM-L

client schedule security question

1997-04-03 03:52:04
Subject: client schedule security question
From: Dirk Kastens <dkastens AT RZ.UNI-OSNABRUECK DOT DE>
Date: Thu, 3 Apr 1997 10:52:04 +0200
Hi,

the client schedule gives the possibility to define
an operating system command that is executed on
the client at a specific point in time. I played
around a bit with this option and could successfully
delete files on a client.

define schedule domain remove action=command \
   object="/bin/rm -rf /dir"

I could also start the makeuser command, for instance.
I wonder if this isn't a security hole. A hacker only
has to crack ADSM's administrative password to get
access to all the clients that run the scheduler,
instead of cracking hundreds of client passwords.
If I start an administrative client session, the
password goes over the network. What can I do to
maximize ADSM security?

Regards,

Dirk Kastens _______________Dirk.Kastens AT rz.Uni-Osnabrueck DOT DE
Universitaet Osnabrueck     Phone: +49/541/969-2347 (work)
Rechenzentrum               Fax:   +49/541/969-2470 (work)
Albrechtstr. 28             Phone: +49/541/258182   (private)
49069 Osnabrueck
Germany
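
An added example, not part of the original post and not ADSM code: a review of saved schedule definitions that lists every one using the action=command option the post describes, so an administrator can see which OS commands clients would be told to run. The input layout (one statement per logical line, backslash continuation as in the post), the sample statements and the function names are assumptions, and only the unabbreviated syntax shown in the post is recognised.

```python
import shlex

# Constructed sample: admin commands written the way the post writes them.
SAMPLE = r'''
define schedule domain nightly action=incremental
define schedule domain remove action=command \
   object="/bin/rm -rf /dir"
DEFINE SCHEDULE labs cleanup ACTION=Command OBJECT="/usr/local/bin/tidy.sh"
'''

def statements(text):
    """Yield logical statements, joining lines that end in a backslash."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        stmt = (pending + line).strip()
        pending = ""
        if stmt:
            yield stmt
    if pending.strip():
        yield pending.strip()

def audit(text):
    """Return (domain, schedule, command) for every action=command schedule."""
    findings = []
    for stmt in statements(text):
        tokens = shlex.split(stmt)  # keeps object="..." together as one token
        if len(tokens) < 4 or [t.lower() for t in tokens[:2]] != ["define", "schedule"]:
            continue
        domain, name = tokens[2], tokens[3]
        opts = {}
        for tok in tokens[4:]:
            key, sep, value = tok.partition("=")
            if sep:
                opts[key.lower()] = value
        if opts.get("action", "").lower() == "command":
            findings.append((domain, name, opts.get("object", "")))
    return findings

if __name__ == "__main__":
    for domain, name, command in audit(SAMPLE):
        print(f"{domain}/{name} runs an OS command on clients: {command}")
```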