From:	CSBVAX::CSBVAX::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 30-MAR-1989 17:09
To:	MRGATE::"ARISIA::EVERHART"
Subj:	security risk: default of another process


Received: From KL.SRI.COM by CRVAX.SRI.COM with TCP; Thu, 30 MAR 89 13:32:10 PDT
Received: from EQL.Caltech.Edu by KL.SRI.COM with TCP; Thu, 30 Mar 89 13:16:16 PST
Date:     Thu, 30 Mar 89 13:15:03 PST
From:     rankin@EQL.Caltech.Edu (Pat Rankin)
Message-Id: <890330131016.202000d7@EQL.Caltech.Edu>
Subject:  security risk: default of another process
To:       jamison@campus.swarthmore.edu
cc:       info-vax@kl.sri.com

>
> I have written a program which lists the default directory, PID, username
> and UAF owner info for all interactive processes on the system.  It is
> based on DEFDIR.MAR (from Dan Graham).

     Be sure to check the translation of SYS$DISK for the presence of
an access control string.  You need to suppress the password if it has one.
(Even though the functionality is limited, some users occasionally do
attempt to set default to another network node.)

                                        Pat Rankin
                                    rankin@eql.caltech.edu