|
On 25 Apr 2005 15:59:14 -0000, shalom@xxxxxxxxxx <shalom@xxxxxxxxxx> wrote: > Michael, > I can live with assumptions, but what in your opinion is inaccurate? Shalom, If the PC user is signed on ( to the PC ) with a "user" account ( compared to super user and administrator ) how much harm can a malicious hacker do thru STRPCCMD and the REXEC service? When I ran STRPCCMD pccmd( 'net user evil hacker /add' ) the user "evil" was created with USER rights. As I understand it, such a user cannot install any software on a PC. How would the next step of using FTP to get and run bo2k.exe get around that restriction? ( btw, thanks for posting these issues. I look forward to IBM's detailed response. ) -Steve > > Shalom Carmel > ------------- > www.venera.com - Exposing iSeries insecurity > > Michael Crump said: > > Suffice to say, not sure if I would call them lies > > but there are assumptions and inaccuracies. > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
