Is Your e3000 Environment Secure? - by Mark Bixby
Is Your e3000 Environment Secure? - HPWorld 2003 page 51August 14, 2003
Anybody can do :LISTFILE @.@.@
to see all MPE-namespace files
§:LISTFILE exposes account names, group names, and
file names even if you do not have access rights
§Descriptive names can be valuable information to a
hacker
§Limit access to the CI prompt and the ability to execute
CI commands
§HFS directories can be used in conjunction with POSIX
security to prevent unauthorized users from viewing the
contents below