From:	SMTP%"piper@tgv.com" 31-MAY-1994 18:33:04.44
To:	EVERHART
CC:	
Subj:	Re: OpenVMS message program

From: piper@tgv.com (Derrell D. Piper)
X-Newsgroups: comp.os.vms
Subject: Re: OpenVMS message program
Date: 31 May 1994 21:10:44 GMT
Organization: TGV Inc., Santa Cruz, CA
Lines: 20
Distribution: world
Message-ID: <2sg94k$t74@news.arc.nasa.gov>
Reply-To: piper@tgv.com
NNTP-Posting-Host: hq.tgv.com
X-Newsreader: mxrn 6.18-6
To: Info-VAX@CRVAX.SRI.COM
X-Gateway-Source-Info: USENET



> IMHO, DEC should fix Phone in order to protect DEC's reputation, or delete it,
> even though the hole has no security implications for many sites.

If you'd like, you can prevent unprivileged users from connecting to the
outbound phone object thusly:

	$ mcr ncp set obj phone outgoing connect priv sysnam
	$ mcr ncp def obj phone outgoing connect priv sysnam

Since PHONE.EXE is installed with SYSNAM, normal use of PHONE will not be
affected.


Finger 'piper@tgv.com' for my PGP key. 

Derrell Piper   | piper@tgv.com      | +1 408 457 5384
TGV, Inc.       | 101 Cooper Street  | Santa Cruz, CA 95060 USA