|
Vulnerability kernel Affected MacOS 9 and the MacOS Netware Client Description Matt White found following. MacOS 9 adds the ability to have multiple users on a single Macintosh. When it boots it will (if enabled) ask you to log in. However, while logged in if you login to NDS, and select "Logout" from the Special menu, you will NOT be logged out of NDS. The tree in the menu bar will stay green, and you are still logged in. Any user can then log back in as themselves and use your login to NDS. This was tested on an iMac running MacOS 9 and the ProSoft client (version 5.12). It was not tested on the Novell client (version 5.11), but since the clients are so similar one would assume the "bug" exists there too. Currently the Desktop Management Services (Multiple Users) architecture only supports it's own user database (local or Mac OS X) and does not know if you are connected to a network like (NT or NetWare). Due to this design, the Mac OS does not know how to notify the NetWare Server or the MacIPX Client to request a logout call leaving your NDS Tree connection live until watchdog disconnects the user. And since one of the routine upon logout, Mac OS dismount all mounted volumes that logs you out of bindery or any AppleShare logins. NDS on the other hand works different since users can be logged in to the Tree without logging into any servers, they lose connection to the server but not to the NDS Tree. Just like dragging the volume/s to the trash does not winterize the NW Tree menu icon. You would need to teach the users to select Log Out Completely before logging out of Mac OS 9. Solution The workaround is simple enough, just make sure you log out of NDS and THEN out of MacOS. An alternative would be to simply restart the Mac instead of logging out. The only quick workaround is using NDS Osax with an applescript in the Shutdown Items folder to execute the logout call to NDS, see below. A workaround for this, would be to download NDS Osax1.0b9: http://www.lextech.com/egb/ndsosax.html and then write a simple AppleScript that logs the current user out of the tree and place an alias to the script in each user's Shutdown folder. Then, whenever a user logs out they are automatically logged out of the tree. A really simple script would be: --NDS Logout example on run NDS_Osax_Logout end run You could take this further and cycle through the process list, quitting each application. That way all Netware volumes will dismount cleanly and not halt the logout procedure.