[Gllug] Re: Insecure practices at my ISP

David Pashley david at parguild.co.uk
Fri Apr 4 11:59:46 UTC 2003


On Apr 04, 2003 at 12:32, Wulf Forrester-Barker praised the llamas by saying:
> Surely running a command such as ls -l is an acceptable use of access to
> a Unix-based system. All you're doing is checking what the system
> administrator has given you PERMISSION to do. For files and directories
> that they don't want you looking at, they simply have to remove the
> global read permission (assuming that the group and user don't apply to
> the other person logging in).

Nope. it isn't a matter of what the computer gives you permission to do,
but what you are authorised to do.

Sect 17(5) of the Computer Misuse Act says:

(5) Access of any kind by any person to any program or data held in a
    computer is unauthorised if-

 (a) he is not himself entitled to control access of the kind in
     question to the program or data; and
 
 (b) he does not have consent to access by him of the kind in question
     to the program or data from any person who is so entitled.

He clearly fails the first part, and arugably he fails the second part.
> 
> After all, by paying for the hosting account, you've paid for a key to
> the 'front door' and should reasonably be expected to 'measure up your
> room'!
> 
> Wulf
> 
> 

-- 
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20030404/e889a081/attachment.pgp>


More information about the GLLUG mailing list