TUCoPS :: Macintosh :: kernel3.htm

MacOS 9 and the MacOS Netware Client Security Issues 
Vulnerability

    kernel

Affected

    MacOS 9 and the MacOS Netware Client

Description

    Matt White  found following.   MacOS 9  adds the  ability to  have
    multiple users on a single Macintosh.   When it boots it will  (if
    enabled) ask you to log in.  However, while logged in if you login
    to NDS, and  select "Logout" from  the Special menu,  you will NOT
    be logged out of NDS.  The  tree in the menu bar will stay  green,
    and you are  still logged in.   Any user can  then log back  in as
    themselves and use your login to NDS.

    This was tested on an iMac running MacOS 9 and the ProSoft  client
    (version 5.12).  It was  not tested on the Novell  client (version
    5.11), but since the clients  are so similar one would  assume the
    "bug" exists there too.

    Currently  the  Desktop   Management  Services  (Multiple   Users)
    architecture only supports  it's own user  database (local or  Mac
    OS X) and  does not know  if you are  connected to a  network like
    (NT or NetWare).   Due to this  design, the Mac  OS does not  know
    how to notify the NetWare  Server or the MacIPX Client  to request
    a logout call leaving your NDS Tree connection live until watchdog
    disconnects the user.

    And since  one of  the routine  upon logout,  Mac OS  dismount all
    mounted volumes  that logs  you out  of bindery  or any AppleShare
    logins. NDS on the other  hand works different since users  can be
    logged in to the Tree without logging into any servers, they  lose
    connection to the server but not to the NDS Tree.

    Just like dragging  the volume/s to  the trash does  not winterize
    the NW  Tree menu  icon.   You would  need to  teach the  users to
    select Log Out Completely before logging out of Mac OS 9.

Solution

    The workaround  is simple  enough, just  make sure  you log out of
    NDS  and  THEN  out  of  MacOS.  An alternative would be to simply
    restart the Mac instead of logging out.

    The only quick workaround is using NDS Osax with an applescript in
    the Shutdown Items folder to  execute the logout call to  NDS, see
    below.  A workaround for this, would be to download NDS Osax1.0b9:

        http://www.lextech.com/egb/ndsosax.html

    and then write a simple AppleScript that logs the current user out
    of  the  tree  and  place  an  alias  to the script in each user's
    Shutdown  folder.   Then,  whenever  a  user  logs  out  they  are
    automatically logged  out of  the tree.   A really  simple  script
    would be:

        --NDS Logout example
        on run
        NDS_Osax_Logout
        end run

    You could take  this further and  cycle through the  process list,
    quitting  each  application.   That  way  all Netware volumes will
    dismount cleanly and not halt the logout procedure.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH