HP OpenVMS Systems

IMPERSONATE (DETACH) and other heavy privileges?

» close window

The Question is:

 
How can a user with the impersonate privilege use it to take over another
UIC ?
 
 
 

The Answer is :

 
  The OpenVMS Wizard is not in a position to discuss the particulars of
  how privileges can be misused -- suffice it to say that the IMPERSONATE
  privilege (formerly known as the DETACH privilege) is documented and is
  expected to allow a user to access the files and the objects owned by
  any other user, and thus IMPERSONATE is an all-powerful privilege.  The
  IMPERSONATE privilege is equivilent to other heavy privileges such as the
  PHY_IO and SETPRV; any "all-class" privilege can be directly (mis)used to
  gain full OpenVMS system access.
 

  

     

     
answer written or last revised on ( 7-AUG-2000 )
     
» close window