SECURITY: How to disable NetWare Internal Debugger

0 views
Skip to first unread message

Thomas Nagel

unread,
Mar 14, 1994, 5:37:07 AM3/14/94
to
Hello everybody,
just by coincidence I came around a thing I'd consider a security leak.
Anybody having access to the keyboard of a NetWare server can enter the
internal debugger, regardless of the keyboard lock of the Monitor NLM,
without any password at all.
Does anybody know how to prevent this?
Please reply by E-Mail.
Thomas Nagel
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::MM:::::::MM:: Dr. Materna Group, Dortmund, Germany :
::MMM:::::MMM:: Systems - Software - Consultancy :
::MMMM:::MMMM:: :
::MM:MM:MM:MM:: Thomas Nagel SNA Section :
::MM::MMM::MM:: :
::MM:::M:::MM:: voice +49-(0)231-5599-336 :
::MM:::::::MM:: email ktn...@materna.de, CIS:100143,3665:
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Joi L. Ellis

unread,
Mar 14, 1994, 2:58:06 PM3/14/94
to
KTN...@Materna.De (Thomas Nagel) writes:

Take the right-shift's switch out from under the key on the
keyboard. They'd have to switch keyboards to get at the debugger, that
way.

--
Joi Ellis ms...@uxa.ecn.bgu.edu
Student Residential Programs Western Illinois University

Lloyd

unread,
Mar 14, 1994, 4:50:10 PM3/14/94
to
>
> Take the right-shift's switch out from under the key on the
> keyboard. They'd have to switch keyboards to get at the debugger, that
> way.
>

That would work. But isn't typing "SECURE CONSOLE" easier?

--
My good signature is still at the cleaners

Malcolm D. Moore

unread,
Mar 15, 1994, 2:07:17 PM3/15/94
to
KTN...@Materna.De (Thomas Nagel) writes:

>Hello everybody,
> just by coincidence I came around a thing I'd consider a security leak.
>Anybody having access to the keyboard of a NetWare server can enter the
>internal debugger, regardless of the keyboard lock of the Monitor NLM,
>without any password at all.
>Does anybody know how to prevent this?
>Please reply by E-Mail.
>Thomas Nagel

SECURE CONSOLE will do what you want.

-malcolm
--
Malcolm D. Moore * BioData MIS * mal...@biodata.com * md...@netcom.com
"from city to city, valley to valley, ain't any other state on hit like Cali!"
"well damn, Short, if it wasn't for earthquakes, rampant crime
and a lifeless economy, i'd agree witcha." - me

Thomas Nagel

unread,
Mar 17, 1994, 8:18:10 AM3/17/94
to
In article <mdm2CMp...@netcom.com> md...@netcom.com (Malcolm D. Moore) writes:
>From: md...@netcom.com (Malcolm D. Moore)
>Subject: Re: SECURITY: How to disable NetWare Internal Debugger
>Keywords: NetWare Security
>Date: Tue, 15 Mar 1994 19:07:17 GMT

>KTN...@Materna.De (Thomas Nagel) writes:

>>Hello everybody,
>> just by coincidence I came around a thing I'd consider a security leak.
>>Anybody having access to the keyboard of a NetWare server can enter the
>>internal debugger, regardless of the keyboard lock of the Monitor NLM,
>>without any password at all.
>>Does anybody know how to prevent this?
>>Please reply by E-Mail.
>>Thomas Nagel

>SECURE CONSOLE will do what you want.

No it does not! I tried it.

>-malcolm

Fons en Willem

unread,
Mar 18, 1994, 12:55:42 PM3/18/94
to
In article <KTNAGEL.9...@materna.de>,

Thomas Nagel <KTN...@Materna.De> wrote:
>In article <mdm2CMp...@netcom.com> md...@netcom.com (Malcolm D. Moore) writes:
>>From: md...@netcom.com (Malcolm D. Moore)
>>Subject: Re: SECURITY: How to disable NetWare Internal Debugger
>>Keywords: NetWare Security
>>Date: Tue, 15 Mar 1994 19:07:17 GMT
>
>>KTN...@Materna.De (Thomas Nagel) writes:
>
>>>Hello everybody,
>>> just by coincidence I came around a thing I'd consider a security leak.
>>>Anybody having access to the keyboard of a NetWare server can enter the
>>>internal debugger, regardless of the keyboard lock of the Monitor NLM,
>>>without any password at all.
>>>Does anybody know how to prevent this?
>>>Please reply by E-Mail.
N>>Thomas Nagel

>
>>SECURE CONSOLE will do what you want.
>
>No it does not! I tried it.
check for typing errors :)


Well I have found one way around it.
when the server abends, which is something you can enforce by loading buggy
software.
you can enter the debugger again, than after cleaning up the stack by hand
removeing the buggy process from the run queue, and restarting netware
(and changing entries from the connection table if you would like
to make yourself supervisor)

I think it would work ( I checcked the first part, you can enter the
debugger
after the server abends)
>>-malcolm >
>Thomas Nagel
willem
>

Malcolm D. Moore

unread,
Mar 19, 1994, 7:27:06 PM3/19/94
to
KTN...@Materna.De (Thomas Nagel) writes:

>>>Anybody having access to the keyboard of a NetWare server can enter the
>>>internal debugger, regardless of the keyboard lock of the Monitor NLM,
>>>without any password at all.
>>>Does anybody know how to prevent this?
>>>Please reply by E-Mail.
>>>Thomas Nagel

>>SECURE CONSOLE will do what you want.

>No it does not! I tried it.

are you running 3.11? run nfolio, open the !netware.nfo file, search
for the word 'debugger'. don't *tell* me it doesn't work, i've tried
it numerous times!

Reply all
Reply to author
Forward
0 new messages