[Simh] Re: Releasing terspy.mar - vax/vms terminal spy program

Hunter Goatley goathunter at goatley.com
Wed Mar 25 11:27:20 EDT 2020


On 3/25/2020 10:03 AM, Hittner, David T [US] (MS) wrote:
>
> For a while, there was a company selling a SPY utility for VMS, as 
> well as freebie versions floating around. The commercial version 
> allowed the watcher to enter data in the watched session by using a 
> special command sequence to enable remote data entry. I don’t recall 
> any of the freebie versions ever allowing data entry from the watcher, 
> for fairly obvious security reasons.
>
Clyde Digital Systems had AUDIT and CONTRL that let you do that (AUDIT 
logged, CONTRL let an admin watch and/or take over a terminal session). 
Networking Dynamics had PEEK and SPY, which were competing products.

I should say "has." Networking Dynamics still sells PEEK & SPY, and 
Raxco still sells AUDIT and CONTRL.

I worked for Clyde Digital.

There was a freeware program called WATCH. It did not allow for taking 
over a session, just watching it. Or maybe it did allow it and was just 
so buggy that you were advised not to.

Then there was the Supervisor Series, sold by Precision Data Systems. 
They were later acquired by Security Pacific Software Services. In 1992, 
they released the Supervisor Series into the public domain. At that 
point, I took it over, added features, fixed bugs, and maintained it as 
the Supervisor Series freeware project.

I maintained that for several years, but due to the litigious nature of 
yet another company with competing products, I never ported the 
Supervisor Series to Alpha (which means it was never ported to Itanium, 
either).

The Supervisor Series still runs on OpenVMS VAX V5.0 or later. You can 
find it here:

http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=supervisor&description=&author=&system=Either&language=All&RD=&RM=&RY=


> There was also another highly privileged program on the DECUS tapes, 
> GLOGIN, which allowed a privileged user to login as another user, so 
> that you could see what application behavior occurred within the 
> context of a specific user. I found a weird bug in one of our 
> application programs that only occurred when the username was 
> _exactly_ 7 characters long using GLOGIN to login as the user who had 
> reported the bug that we couldn’t duplicate ourselves. :-)
>
The original GLOGIN used the pseudo-terminal routines that used to float 
around. When DEC added the supported PTD$ routines for pseudo terminals, 
I wrote my own version of that called HGLOGIN. Here's part of the readme:

    HGLOGIN lets privileged users log in to a named account without
    having to know the password for that account.  A process running
    under the target username is created.  Its input and output are read
    from a pseudo-terminal, which is controlled by HGLOGIN.

    Unlike BECOME and SWAP, the process created by HGLOGIN is a full
    process, with all the privileges, rights identifiers, quotas, DCL
    symbols, logical names, etc., as well as anything else that is set
    up in the target user's LOGIN.COM.

BECOME and SWAP were two other kernel-mode programs that modified the 
username and UIC of the running process to be some other user. They were 
handy, but they had kernel-mode code and they didn't change quotas, etc. 
HGLOGIN was also much safer to use, as it used a documented interface 
provided by VMS.

HGLOGIN is also available in my freeware archive. It runs on all 
platforms, but requires whatever version of VMS introduced the PTD$ 
routines.

http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=hglogin&description=&author=&system=Either&language=All&RD=&RM=&RY=

If you're not familiar with my VMS freeware archive:

http://www.process.com/resources/openvms/index.html


-- 
Hunter
------
Hunter Goatley, Process Software, http://www.process.com/
goathunter at goatley.com   http://hunter.goatley.com/
