Is Your e3000 Environment Secure? - HPWorld 2003
August 14, 2003
FTP - be aware of FTPSRVR's "site stream" command
Allows remote users to stream batch jobs
Users with CAP=BA,SF could upload new batch jobs to /tmp or other writable directories and then stream those jobs
Defeats logon UDCs that rely on "OPTION LOGON,NOBREAK" if those UDCs do not also restrict batch jobs
A future version of FTPSRVR will add a new parameter to SETPARMS.ARPA.SYS to globally enable or disable "site stream" (FTPHD07/8/9 LD)
Vesoft's Security/3000 product can also control the use of "site stream"