security problem with OpenLook calendar manager V 3.3

security problem with OpenLook calendar manager V 3.3

Post by Yuval Tam » Tue, 02 Aug 1994 14:03:21

There seems to be a security problem with the current
version of Sun's calendar manager.
This is version 3.3 of Sun's calendar manager running on
OpenWindows 3.3 on Solaris 2.3.
No matter what I do with the "Privacy" menu or access list
and permissions screen, it is possible to access the calendar
from another host.
Security was correctly maintained with V3 cm under SunOS 4.1.1.

Please respond if you have a solution or workaround.
Please also respond if you can verify that security/privacy is
maintained for cm on your OpenWindows 3.3.
I will summarize here any useful info I receive.


1. Solaris 2.5 CDE calendar manager security

Under Solaris 2.5, OpenWindows 3.5, without CDE,
you can prevent anybody on any other machine from
accessing your calendar.

Installing CDE, sets up another rpc.cmsd (from /usr/dt/bin).
Once this is running, any user with the same username
on another machine can access your calendar.
Is there any way to get /usr/dt/bin/rpc.cmsd to maintain
privacy properly (like /usr/openwin/bin/rpc.cmsd) ?

The only workaround I could find is to revert to
/usr/openwin/bin/rpc.cmsd but then you cannot use dtcm
and need to go back to cm.

2. Samba Help Needed

3. Calendar Manager, File Manager, and Screenblank

4. sysinstall still buggy in 3.2-RELEASE?

5. WebEvent 3.04 released - Web Calendar, CGI Calendar, WWW Calendar

6. netatalk 1.4b2 Port with ASUN 2.1.1

7. changing window manager under xfree86 3.3

8. DNS,Bind,Sunos,etc

9. calendar manager problem

10. calendar manager daemon problems

11. calendar manager problem

12. calendar manager problems

13. Calendar Manager (cm) problems in 2.4