[Simh] Re: Releasing terspy.mar - vax/vms terminal spy program
Hunter Goatley
goathunter at goatley.com
Wed Mar 25 11:27:20 EDT 2020
On 3/25/2020 10:03 AM, Hittner, David T [US] (MS) wrote:
>
> For a while, there was a company selling a SPY utility for VMS, as
> well as freebie versions floating around. The commercial version
> allowed the watcher to enter data in the watched session by using a
> special command sequence to enable remote data entry. I don’t recall
> any of the freebie versions ever allowing data entry from the watcher,
> for fairly obvious security reasons.
>
Clyde Digital Systems had AUDIT and CONTRL that let you do that (AUDIT
logged, CONTRL let an admin watch and/or take over a terminal session).
Networking Dynamics had PEEK and SPY, which were competing products.
I should say "has." Networking Dynamics still sells PEEK & SPY, and
Raxco still sells AUDIT and CONTRL.
I worked for Clyde Digital.
There was a freeware program called WATCH. It did not allow for taking
over a session, just watching it. Or maybe it did allow it and was just
so buggy that you were advised not to.
Then there was the Supervisor Series, sold by Precision Data Systems.
They were later acquired by Security Pacific Software Services. In 1992,
they released the Supervisor Series into the public domain. At that
point, I took it over, added features, fixed bugs, and maintained it as
the Supervisor Series freeware project.
I maintained that for several years, but due to the litigious nature of
yet another company with competing products, I never ported the
Supervisor Series to Alpha (which means it was never ported to Itanium,
either).
The Supervisor Series still runs on OpenVMS VAX V5.0 or later. You can
find it here:
http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=supervisor&description=&author=&system=Either&language=All&RD=&RM=&RY=
> There was also another highly privileged program on the DECUS tapes,
> GLOGIN, which allowed a privileged user to login as another user, so
> that you could see what application behavior occurred within the
> context of a specific user. I found a weird bug in one of our
> application programs that only occurred when the username was
> _exactly_ 7 characters long using GLOGIN to login as the user who had
> reported the bug that we couldn’t duplicate ourselves. J
>
The original GLOGIN used the pseudo-terminal routines that used to float
around. When DEC added the supported PTD$ routines for pseudo terminals,
I wrote my own version of that called HGLOGIN. Here's part of the readme:
HGLOGIN lets privileged users log in to a named account without
having to know the password for that account. A process running
under the target username is created. Its input and output are read
from a pseudo-terminal, which is controlled by HGLOGIN.
Unlike BECOME and SWAP, the process created by HGLOGIN is a full
process, with all the privileges, rights identifiers, quotas, DCL
symbols, logical names, etc., as well as anything else that is set
up in the target user's LOGIN.COM.
BECOME and SWAP were two other kernel-mode programs that modified the
username and UIC of the running process to be some other user. They were
handy, but they had kernel-mode code and they didn't change quotas, etc.
HGLOGIN was also much safer to use, as it used a documented interface
provided by VMS.
HGLOGIN is also available in my freeware archive. It runs on all
platforms, but requires whatever version of VMS introduced the PTD$
routines.
http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=hglogin&description=&author=&system=Either&language=All&RD=&RM=&RY=
If you're not familiar with my VMS freeware archive:
http://www.process.com/resources/openvms/index.html
--
Hunter
------
Hunter Goatley, Process Software, http://www.process.com/
goathunter at goatley.com http://hunter.goatley.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.trailing-edge.com/pipermail/simh/attachments/20200325/556789ad/attachment-0001.html>
More information about the Simh
mailing list