From: MERC::"uunet!CRVAX.SRI.COM!RELAY-INFO-VAX" 31-DEC-1992 03:52 31-DEC-1992 03:52:00.00 To: info-vax@kl.sri.com CC: Subj: Re: HELP!!! Security problem for gurus. In article <1hgtgpINNfjb@gap.caltech.edu> carl@SOL1.GPS.CALTECH.EDU writes: >In article <1992Dec23.194607.26032@ncsa.uiuc.edu>, jsue@ncsa.uiuc.edu (Jeffrey L. Sue) writes: >=In article <1h9e1nINN1c9@gap.caltech.edu> carl@SOL1.GPS.CALTECH.EDU writes: >=>In article <1992Dec22.161918.9033@ncsa.uiuc.edu>, jsue@ncsa.uiuc.edu (Jeffrey L. Sue) writes: >=>>Now that's a creative way to do it. Just hope MAIL doesn't decide to use >=>>that MAILbigfilename.MAI sometime - though it may check for this and handle >=>>it correctly, I've no idea how to test this. (besides I'm sure that the >=>>possibility is quite small) >=> >=>Easy: Just pick a date that's before NOW. >=Hmm.... >=MAIL$09A8BDA800050096.MAI doesn't like it has anything to do with a date. > >Well, that's because you don't know anything about what you're talking about, >now isn't it? The numerical part of the name consists of: > > The hexadecimal representation of the second and third words of the > time the message was received; > > A four-character hexadecimal code identifying the sort of filename this > is (the format changed between VMS v4 and VMS v5); > > The hexadecimal representation of the high order word of the time the > message was received. > >So the numerical part of the filename (09A8BDA800050096) refers to system time >009609A8BDA80000 or thereabouts (the low-order word of the system time isn't >used, so the granularity is to about a centisecond), which translates to: >14-SEP-1992 11:24:44. Good information... where is this documented? That was the point of the original flame: that others don't take the time to look it up in the documentation. Again, you are correct that I don't know what I'm talking about here, which is why the question was raised, don't you think? Questions are otherwise known as queries, and often used (at least by me) to find out information not known. Remember, I did look through the documentation and this info was *not* easily found. > >=Gee... some of us have *real* jobs, some of which doesn't even apply to VMS. >=Actually, I know quite a bit of how VMS works, however little things like >=how MAIL determines what "bignumber" to use is of little value to me. > >I see. You just couldn't be troubled to pay attention this issue last came up >(a couple of weeks ago) and was discussed in detail? Alas, scanning for information on Internet (or elsewhere) is not what I get paid for most - it's results for my customers. If I don't get to the news services for a few days a bunch of messages get marked as read due to the lack of time... and I still never catch up. -- ----- Jeff Sue - All opinions are mine - (and you can't have any, nya nya nya)