FBB archive - October 1998: Re: Next update fbb?

Re: Next update fbb?

Emery Heintz (anxfhowz.oytorz@mail.dy.fi)
Fri, 30 Oct 1998 07:59:15 -0800


Hello fellow FBB users

In regards to disk access I have never experienced a security problem of
access to areas of a drive or drives that I have not specified, when the
system is properly configured. I have personally found that manual editing
of the init.srv and passwd.sys is required at times to correct problems of
drive access.

The init.srv file settings determine individual users' privileges for
several different levels, which will probably require several tests in
which you log into the system remotely. Either by connecting to a node and
then reconnecting back to the board... If you're running BPQ you can connect
to the switch, then to the board without ever transmitting. Start by setting
the permissible access levels to a very restrictive environment. You will
need to study very closely the relationships of SYSOP and NON-SYSOP. You
will also need to use the "EU" command to change your privileges to conduct
the test.

The PASSWD.SYS contains two sets of numbers before each password. The first
number is the access level for sysops that have not issued a successful
sysop command. The second set of numbers are valid after a successful sysop
command. The very first password is for all unspecified sysops not listed in
the password file. This provides you a very flexible sysop structure to
adjust individual users' privileges.

I have noticed that FBB7.00? has become more restrictive toward drive access
for sysops after the SYSOP command. The current version 7.00G will not allow
remote sysop access to drives that are not specified in the INIT.SRV file.
I don't know when this change took place, but I do like the feature. However
if a user has issued the sysop command and you have specified access to that
drive path in the INIT.SRV file, the user will have access to the entire
drive after the successful sysop command.

A word of caution about allowing remote activation of DOS commands. I like
to write small batch files to install small programs remotely. With this
ability, a batch file could be created for almost any purpose. The batch
file would have access to the entire system just like you were sitting at
the keyboard. With that thought in mind, make the passwords very
complicated.

73

Emery

-----Original Message-----
From: Eddie Lania <sgo.qnvy@acer-euro.com>
To: FBB-list <wup.bkeirfq@tbwachiat.com>
Date: Friday, October 30, 1998 4:16 AM
Subject: Next update fbb?

-----Original message----
From: Eddie Lania <ovssyj.wmucu@mujsvet.net>
To: Jean Paul Roubelat <ibi.ahkseh@biznet.com.tr>
Date: friday 30 oktober 1998 8:45
Subject: Next update fbb?

Hello Jean Paul.

Is it true that the bugs that I have found in the winfbb700f version (and
which I have described later in this email) have been taken out of the
winfbb700g version?
Can you tell me when the next update of winfbb will be released?

I am still running the 700f version here because winfbb700g crashes here
from time to time and winfbb700f runs perfectly.
So, I am forced to use winfbb700f.

I found that there are some bugs in the f version, like the command cd ...
at the fbbdos prompt, which enables a user to get into the root directory
of the fbb disk.
(Windows 95 enables the cd ... ; it's no problem when still running win3.xx
with other DOS versions like 6.22 or below.)

I also noticed that users can delete every file they want in fbbdos.
I checked all security settings in init.srv, no problem there!
Even new users can delete any file they want to.

So, this is what I have done now:

1st: I set the read-only attribute on every file in the user directory;
this is done in housekeeping and when starting up the BBS.

2nd: I substituted the user directory to drive letter F: so that becomes my
new user dir and now they cannot use cd ... or cd .... to jump into the
root dir of my disk.

But I am not very happy about having to make all these changes; I would
rather use a newer version of winfbb with no more of these bugs in it.
I can switch to the newer version wfbb700g but then I would have to sit by
my computer all day and night and watch it for crashes.......

Have you already discovered the problem in winfbb700g that makes it crash
on some systems?

I hope for an answer soon.

Thank you!


Eddie.
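
Added example (not part of the messages above and not FBB's own code): a confinement check for a DOS-style cd argument that counts dot runs the way Windows 95 does, shown next to a filter that only looks for "..". The function names and the convention that a leading backslash means the user root are assumptions made for illustration.

```python
import re

SEP = re.compile(r"[\\/]+")  # DOS accepts both separators


def naive_is_safe(requested):
    """Weak filter: only rejects a literal '..' path component."""
    return ".." not in SEP.split(requested)


def resolve_in_user_root(cwd_parts, requested):
    """Resolve a cd argument against the current directory.

    cwd_parts is the list of directory names below the user root.
    Returns the new list, or raises PermissionError if the request
    would climb above the user root.
    """
    if re.match(r"^[A-Za-z]:", requested):
        raise PermissionError("drive letters are not accepted")
    # Assumption: a leading separator means the user root, not the disk root.
    parts = [] if requested[:1] in ("\\", "/") else list(cwd_parts)
    for comp in SEP.split(requested):
        comp = comp.strip()
        if not comp:
            continue
        if set(comp) == {"."}:
            # Windows 95 semantics: a run of n dots climbs n - 1 levels,
            # so '.' stays put, '..' is one up, '...' two, '....' three.
            up = len(comp) - 1
            if up > len(parts):
                raise PermissionError("path leaves the user directory")
            parts = parts[:len(parts) - up]
        else:
            parts.append(comp.upper())  # DOS names are case-insensitive
    return parts


if __name__ == "__main__":
    # Constructed sample requests, issued from <user root>\PUB
    for req in ("..", "...", "....", "sub\\files", "C:\\"):
        try:
            result = resolve_in_user_root(["PUB"], req)
        except PermissionError as exc:
            result = "DENIED: %s" % exc
        print("%-12s naive_ok=%-5s -> %s" % (req, naive_is_safe(req), result))
```
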
