[Gllug] Re: Insecure practices at my ISP
Pete Ryland
pdr at pdr.cx
Fri Apr 4 12:52:52 UTC 2003
On Fri, Apr 04, 2003 at 12:59:46PM +0100, David Pashley wrote:
> On Apr 04, 2003 at 12:32, Wulf Forrester-Barker praised the llamas by saying:
> > Surely running a command such as ls -l is an acceptable use of access to
> > a Unix-based system. All you're doing is checking what the system
> > administrator has given you PERMISSION to do. For files and directories
> > that they don't want you looking at, they simply have to remove the
> > global read permission (assuming that the group and user don't apply to
> > the other person logging in).
>
> Nope. it isn't a matter of what the computer gives you permission to do,
> but what you are authorised to do.
>
> Sect 17(5) of the Computer Misuse Act says:
>
> (5) Access of any kind by any person to any program or data held in a
> computer is unauthorised if-
>
> (a) he is not himself entitled to control access of the kind in
> question to the program or data; and
>
> (b) he does not have consent to access by him of the kind in question
> to the program or data from any person who is so entitled.
>
> He clearly fails the first part, and arugably he fails the second part.
One could argue that Unix systems traditionally have world-readable home
directories, and hence data held in home directories is normally not
considered (by default) "private" unless the permissions are explicitly set
by the user. It's only in the last couple of years has it become "normal"
to not have world-readable home directories, and only in the last 15-20
years that user accounts had passwords at all. ;-)
Also, I'm surprised that the penalty is only six months. In AU it's 3 years
for accessing and 5 for altering data without permission.
Pete
--
Pete Ryland
http://pdr.cx/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list